FVS336Gv3 - trying to upload CRL, getting error page
The title says it; I have an existing self-signed PKI and I am trying to upload the CRL pem file. This is the exact same CRL file that is being used on other Cisco, Ubiquiti and Mikrotik routers, Windows, Mac, Linux, iOS/Android, and other operating systems with no problem whatsoever.
When I click "Upload" on the "Certificates" config web page, I am presented with the following error page:
Any ideas? I am running the latest firmware as of this post.
Re: FVS336Gv3 - trying to upload CRL, getting error page
OK so it's been a week and no replies here.....
One theory: our CA provides SHA256 hashed CRLs. I notice that some of the VPN settings reference hash algorithms, and only allow MD5 and SHA1. Does the router support CRLs generated with SHA 2 family algorithms? (SHA256, SHA384, SHA512, etc.)
Re: FVS336Gv3 - trying to upload CRL, getting error page
Hi train_wreck,
Not sure if this will help. However, let me share this old forum link: https://community.netgear.com/t5/VPN-Firewalls/Can-t-Upload-Invalid-Self-Certificate/td-p/975149
Regards,
DaneA
NETGEAR Community Team
Re: FVS336Gv3 - trying to upload CRL, getting error page
Yep, that pretty much sums it up. Our certs and CRL use 2048-bit RSA. We won't be able to integrate it.
Curious, is this limitation mentioned in the documentation anywhere?
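An added example, not part of the original thread or of any NETGEAR tooling: a standard-library Python check of the two properties discussed above, the CRL's signature hash algorithm and its signature size (for RSA, the same as the CA key size). The sample CRL is constructed with dummy contents, and `inspect_crl`, `sample_crl` and the helper names are this example's own.

```python
import base64

SIG_OIDS = {  # RSA signature algorithm OIDs (PKCS #1) as found in a CRL
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_crl(pem):
    """Return (signature algorithm, signature size in bits) of a PEM CRL."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    raw = base64.b64decode(b64)
    _, pos, _ = read_tlv(raw, 0)               # CertificateList SEQUENCE
    _, _, pos = read_tlv(raw, pos)             # skip tbsCertList
    _, alg, alg_end = read_tlv(raw, pos)       # signatureAlgorithm SEQUENCE
    _, oid, oid_end = read_tlv(raw, alg)       # algorithm OID
    name = decode_oid(raw[oid:oid_end])
    _, sig, sig_end = read_tlv(raw, alg_end)   # signatureValue BIT STRING
    # Drop the unused-bits octet; an RSA signature is as long as the CA modulus.
    return SIG_OIDS.get(name, name), (sig_end - sig - 1) * 8

def tlv(tag, body):  # minimal DER encoder, used only to build the sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_crl(oid_hex, sig_len):
    # Constructed stand-in: correct outer CRL layout, dummy tbsCertList and signature.
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    body = tlv(0x30, tlv(0x30, alg) + alg + tlv(0x03, b"\x00" + b"\xAA" * sig_len))
    return "-----BEGIN X509 CRL-----\n%s-----END X509 CRL-----\n" % base64.encodebytes(body).decode()
```

Calling `inspect_crl(open("crl.pem").read())` on a real PEM CRL (the file name is a placeholder) reports the same two values without needing the router's error page.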
Re: FVS336Gv3 - trying to upload CRL, getting error page
Hi train_wreck,
I have just inquired about it to a higher tier of NETGEAR Support almost a year ago. I also cannot find any documentation.
Regards,
DaneA
NETGEAR Community Team
Re: FVS336Gv3 - trying to upload CRL, getting error page
OK, got it. I suppose this will be a feature request from me then, since many CAs are moving to 2048-bit RSA (as well as SHA2 hashes). Indeed, the CA/Browser Forum recommends it.
Thanks DaneA for all of your & the other moderators' assistance. I will check back to see if Netgear's products can be implemented in our organization in the future. Thank you.
Re: FVS336Gv3 - trying to upload CRL, getting error page
Even SRX5308 does not support SHA-2. I have seen references to it in Netgear UTM products, which are being sunset pretty soon. Just go to
and add a Kudos to this similar idea. Maybe when there is a sufficient number of kudos, Netgear will consider adding it to their firewall series firmware.