Re: FVS336Gv3 - trying to upload CRL, getting error page

OK so it's been a week and no replies here.....

One theory: our CA provides SHA256 hashed CRLs. I notice that some of the VPN settings reference hash algorithms, and only allow MD5 and SHA1. Does the router support CRLs generated with SHA 2 family algorithms? (SHA256, SHA384, SHA512, etc.)

Hi train_wreck,

Not sure if this will help.  However, let me share this old forum link: https://community.netgear.com/t5/VPN-Firewalls/Can-t-Upload-Invalid-Self-Certificate/td-p/975149

Regards,

DaneA

NETGEAR Community Team

Yep, that pretty much sums it up. Our certs and CRL use 2048-bit RSA. We won't be able to integrate it.

Curious, is this limitation mentioned in the documentation anywhere?

Hi train_wreck,

I have just inquired about it to a higher tier of NETGEAR Support almost a year ago.  I also cannot find any documentation.

Regards,

DaneA

NETGEAR Community Team

OK, got it. I suppose this will be a feature request from me then, since many CAs are moving to 2048 bit RSA (as well as SHA2 hashes). Indeed, the CA browser forum recommends it.

Thanks DaneA for all of you & the other moderators assistance. I will check back  to see if Netgear's products can be implemented in our organization in the future. Thank you.

Even SRX5308 does not support SHA-2. I have seen references to it in Netgear UTM products, which being sunset pretty soon. Just go to

https://community.netgear.com/t5/Idea-Exchange-For-Business/SHA-256-signature-algorithm-for-SRX-5308...

and add a Kudos to this similar idea. may be when there are sufficient number kudos, Netgear will consider adding it to their firewall series firmware.