Orbi WiFi 7 RBE973

Re: Chrome Certificate

Zworkon
Aspirant

Chrome Certificate

After the latest updates with chrome, The certificate is not secure and I get this:

 

This site can’t be reached

The webpage at https://192.168.x.x/ might be temporarily down or it may have moved permanently to a new web address.

ERR_SSL_KEY_USAGE_INCOMPATIBLE
 
Is there a new certificate or what is the workaround besides Edge?
Message 1 of 80

Accepted Solutions
Zworkon
Aspirant

Re: Chrome Certificate

Here is the solution I found:

 

We found a fix. Delete the user's local state file located in C:\users\(username)\AppData\Local\Google\Chrome\User Data\Local State. After deleting it the issue went away. Let me know if that works for you. 

EDIT: Confirmed this is also happening on MacOS. Need to go to Library/Application Support/Google/ and Delete the Local State file from their as well. 

 

Thanks Everyone.

View solution in original post

Message 3 of 80

All Replies
FURRYe38
Guru

Re: Chrome Certificate

That would be something to ask Google about since Chrome is there product. 

Message 2 of 80
Zworkon
Aspirant

Re: Chrome Certificate

Here is the solution I found:

 

We found a fix. Delete the user's local state file located in C:\users\(username)\AppData\Local\Google\Chrome\User Data\Local State. After deleting it the issue went away. Let me know if that works for you. 

EDIT: Confirmed this is also happening on MacOS. Need to go to Library/Application Support/Google/ and Delete the Local State file from their as well. 

 

Thanks Everyone.

Message 3 of 80
CrimpOn
Guru

Re: Chrome Certificate

Hmmm.  No error on my Windows 11 machine with Chrome:

CrimpOn_0-1700667973254.png

I used http://orbilogin.net  and http://192.168.1.1 

Message 4 of 80
Rillekille
Guide

Re: Chrome Certificate

Hi!
I'm getting the same error message when trying to login to my Orbi RBR50 with chromeos 120.
Anyone having a solution for this situation?

Regards

/Rickard

Message 5 of 80
CrimpOn
Guru

Re: Chrome Certificate

When a web browser complains "not safe" about the Orbi SSL certificate, I search for that tiny link near the bottom of the screen called "Advanced Options" (or something vague like that) and get to a choice of "go there anyway".  Once the browser has been instructed to ignore the SSL certificate, it usually quits complaining about it.

Message 6 of 80
Rillekille
Guide

Re: Chrome Certificate

Message 7 of 80
CrimpOn
Guru

Re: Chrome Certificate

So, the task is to figure out "what is different?"

 

On my Windows 11, Chrome version 119.0.6045.160, clicking on the Advanced button brings up this page:

CrimpOn_0-1700769625240.png

 

Message 8 of 80
Rillekille
Guide

Re: Chrome Certificate

I'm running Chrome 120 beta, maybe it's a change in version 120?

I don't login very often on the router so I really can't tell how long it's not been working.

Message 9 of 80
Rillekille
Guide

Re: Chrome Certificate

We don't get the same error message, mine is ERR_SSL_KEY_USAGE_INCOMPATIBLE.

Message 10 of 80
CrimpOn
Guru

Re: Chrome Certificate


@Rillekille wrote:

I'm running Chrome 120 beta, maybe it's a change in version 120?


Could be.  Doesn't give me much of an incentive to load up the beta version.

Message 11 of 80
Rillekille
Guide

Re: Chrome Certificate

With MS Edge 119 it's possible to bypass the warning and login to the router.

I have an update waiting for Edge so if it is version 120 coming maybe I won't be able to login with that browser either efter the update...

Message 12 of 80
cowboybizz
Aspirant

Re: Chrome Certificate

The work around deleted the local state in the Chrome/Google folder did not correct my issue. Edge still worms. Any other ideas?
Message 13 of 80
CrimpOn
Guru

Re: Chrome Certificate

Have you tried deleting the beta version of Chrome and reinstalling the regular version?

Message 14 of 80
schumaku
Guru

Re: Chrome Certificate

One workaround without deleting the "Local State" file or using GPO to disable  "RSAKeyUsageForLocalAnchorsEnabled" is to start Chrome with the field trial disabled:

 

​chrome --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch


The proper solution is to create a new certificate for the server with the key usage flag "Digital Signature" enabled.

 

The background is explained for example here in the release notes:

https://support.google.com/chrome/a/answer/10314655?sjid=16333568074522698164-EU#chromBre116&zippy=%...

 

A lot of work for Netgear engineering updating certificates, including the self signed ones, and distribute updated firmware all over.

 

@BruceGuo 

@JohnC_V 

@hnagaraju 

@DavidGo 

@LaurentMa 

Please distribute to all Netgear PMs and Engineers! Sorry for ruining the Xmas and New Year Holidays!

Message 15 of 80
James_MA
Initiate

Re: Chrome Certificate

chrome --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch  does not work in my pc, and I can only connect with safari in my iphone.

 

There has no firmware update so far, may I know if there has any workaround?

 

Message 16 of 80
Jaroslaw
Guide

Re: Chrome Certificate

Will Netgear ever fix that sill certificate error?

Message 17 of 80
schumaku
Guru

Re: Chrome Certificate


@James_MA wrote:

chrome --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch  does not work in my pc, and I can only connect with safari in my iphone. ...  may I know if there has any workaround?


What OS, what browser, and what version please?

Message 18 of 80
CrimpOn
Guru

Re: Chrome Certificate

Perhaps I am not doing it correctly.  Windows 11 Pro. trying to open https://orbilogin.net or https://192.168.1.1 

CrimpOn_0-1707670984842.png

Entering URL: https://192.168.1.1/--force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch 

Results in this:

CrimpOn_1-1707671079626.png

Opera:

CrimpOn_2-1707671240487.png

Firefox: https web site opens after warning about self-signed certificate.

 

Edge:

CrimpOn_3-1707671442618.png

 

Message 19 of 80
schumaku
Guru

Re: Chrome Certificate

Heya @CrimpOn 

 

Looks like you are mixing several different issues and models. The --force.... is a parameter to be passed to Chromw on start-up from the command line, not magicallly added to any URL.

 

Around the Christmas days, I've posted refering to what I understand are Netgear people able to read and understand the problem here. Almost three months later Netgear is -unable- to create and distribute self-sighed certificates with the new mandatory (by more and more modern browsers) inlcuding the new certificate attribute. If Netgear is unable to read, unable to listen, and obviously not even able to ASK in case they don't understand.

 

Fits perfect to the new nightmare they caused with distributing untested beat (or more QA-code, under the flag of an SSO idea) to some RAX50v2, and more RAX4xv2, ....

 

I'm serously disappointed: Even the CTO (I've sent emails, PMed on LinkedIn, ...these days) keeps silent and does not show any signs or a reaction.

 

Reagrds,

-Kurt

...no idea what for I'm wasting my time here. There is -nothing- coming back from Netgear, they are simply abusing the  free knowledge.

 

 

Message 20 of 80
schumaku
Guru

Re: Chrome Certificate

Not a refernence, however using the ubiqutous Chrome Version 121.0.6167.161 (Offizieller Build) (64-Bit) and Firefox 122.0.1 (64-bit) [admit to allow using legacy devices, I have changed the security.tls.version.min to 1] allow the access e.g. to a bunch of WAX6xx and WAC5xx using https flawless, after accepting the self-signed certificate as usual @CrimpOn 

Message 21 of 80
CrimpOn
Guru

Re: Chrome Certificate


@schumaku wrote:

The --force.... is a parameter to be passed to Chromw on start-up from the command line, not magicallly added to any URL.


I remain happy to use http to access the Orbi web admin and tell browsers to ignore the "not secured" error.  From what I can see, the current versions of:

  • Chrome
  • Edge
  • Opera

Simply will not connect to my RBR50 https web admin, even after saying to accept the self-signed SSL certificate. Whereas Firefox continues to connect after complaining about the self-signed SSL certificate.  Which could indicate it may be only a matter of time before Firefox also declines to connect.

 

Which would seem to indicate that enabling that option to require secure access would immediately lock the user out of the router (unless one of the more exotic, less used web browsers has not kept up with standards).

CrimpOn_0-1707684874811.png

 

 

 

Message 22 of 80
James_MA
Initiate

Re: Chrome Certificate

OS: Windows 11  Pro 23H2

Browser:

Chrome Version 121.0.6167.161 (Official Build) (64-bit)

Microsoft Edge Version 121.0.2277.112 (Official build) (64-bit)

 

Same error in both Chrome & Edge

 

 
Message 23 of 80
BrianL
NETGEAR Moderator

Re: Chrome Certificate

Hi @James_MA,

 

Try using Firefox to update Firmware (Online update) and a factory reset is required after installing the patch firmware. Let me know if this fixes your issue.

 

NOTE: You can save a backup config file and restore it once the factory reset is done.

 

 

Kind regards,

Message 24 of 80
Jaroslaw
Guide

Re: Chrome Certificate

Have same problem on Mac OS 14.3.1 (23D60) latest Chrome 

Chrome is up to date
Version 121.0.6167.184 (Official Build) (arm64)
 
Message 25 of 80
Top Contributors
Discussion stats
Announcements