Implement Let's Encrypt certificate generation instead of the self-signed certificate generated in all Nighthawk routers: R7000, R7800, R8000 and so on. It would be more secure. Many other router manufacturers (Asus, Zyxel Keenetic, D-Link) now use Let's Encrypt for all secure HTTPS, FTPS and so on connections in the routers.
Also make an option to choose HTTPS connection to router web GUI instead of HTTP.
14 Comments
- cmweiss (Aspirant)
Instead of self-signed certs? No cert is possible at this time. Neither self-signed nor CA-signed.
- shamarin (Virtuoso)
This topic is about Let's Encrypt. Now the R7000, for example, generates only a self-signed cert with the latest FW.
- cmweiss (Aspirant)
I'm on the latest R7000 firmware, V1.0.9.42_10.2.44. I see no ability to use any kind of certificate.
- shamarin (Virtuoso)
You just don't understand the process. It's generated automatically by the router if you enable HTTPS connection to USB via internet in the ReadyShare settings. Just look at the screenshot. This cert is self-signed now. I suggest using Let's Encrypt instead of it.
https://screenshots.firefox.com/L3MdsdStJHZB31LN/www.routerlogin.net
- cmweiss (Aspirant)
Your original post doesn't discuss ReadyShare. That would not entail installing a cert on your router but Netgear installing a wildcard cert for *.mynetgear.com. Direct router administration should use https.
- shamarin (Virtuoso)
I meant it in "all secure HTTPS, FTPS and so on connections". It would be great to have a Let's Encrypt cert for such connections: ReadyShare via internet, remote access, web GUI access, FTPS via internet in all of the Nighthawk series (R7000, R7800, R8000, R9000 and so on).
- cmweiss (Aspirant)
To use ReadyShare via the internet you connect to *.mynetgear.com, which is owned by Netgear. Yes, Netgear should use a proper certificate for this. That certificate would be owned by Netgear. A wildcard certificate would be a good solution. To connect to your router from your home computer using https would require you to manage your own certificate for 10.0.0.1 or 192.168.0.1, however you've set up your router's IP address. Using a CA-signed certificate for routerlogin.net would be problematic to say the least.
- shamarin (Virtuoso)
You connect directly in this case, for example https://95.86.206.210/shares and ftp://95.86.206.210/shares. These are my direct connections to the USB drive connected to my R7000 via ReadyShare. Via the HTTPS connection the router uses a self-signed cert that is not trusted by all browsers now. In the previous idea, from where you wrote to me to make another idea directly about Let's Encrypt, the discourse was about that (not about the ReadyCloud service). Only if you use the ReadyCloud service do you connect via *.mynetgear.com, as you wrote.
- schumaku (Guru - Experienced User)
Fully backing the Let's Encrypt proposal of course.
Funny is the reading (off topic) in this thread about the wildcard *.mynetgear.com ... typical example of "hey it's green, it's secure". One wildcard certificate on all ReadyCloud systems (ReadyNAS, Nighthawks, ...) and all sharing the very same private key. Almost security by obscurity. Nice idea, crap security.
A similar [yourname].mynetgear.com DDNS name can be used for a Let's Encrypt certificate. Supposedly a Netgear domain. Figure - that's where Let's Encrypt is weak - the registration process provides only a very limited trust level.
- shamarin (Virtuoso)
Bro, you just don't understand what it's about. We don't speak here about the ReadyCloud service, we talk about the ReadyShare service with a direct connection, not via *.mynetgear.com. As for Let's Encrypt, it's secure enough and also supports wildcard certificates. Seems that you don't even know enough about Let's Encrypt. It's supported and organized by such companies as Google, Mozilla, Microsoft, Intel, Akamai, Cisco and many others. The project was organized with the aim of a secure internet, and now its root is trusted by all major root programs: https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html.
So I don't see anything like crap security in implementing this in the Nighthawk series of products. Instead it will bring more security to these products if you could connect via FTPS and HTTPS to connected USB drives and to the web GUI locally and remotely.