- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@abqttu wrote:The certificate expiration also breaks Orbi's built-in VPN. When I attempt to VPN into Orbi - from a site external from my home network - I receive warnings in both Chrome and Firefox of potential security issues.
notAfter=Aug 2 16:51:57 2019 GMT
I think what you are seeing is not the VPN being broken, but the same phenomenon we all notice. When the user connects a web browser to a "secure site" (https) and the web site certificate is not valid, the browser complains and urges the user not to proceed. The VPN still did its job by making the connection. The option to "go ahead anyway" is not obvious, and (I believe) some browsers will not permit the user to access a site with an invalid certificate. (Edge, for example)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
I agree the problem I am seeing is the same as what you all are seeing. It is not a client/server connectivity issue. However, VPN is effectively broken since chrome will not allow connections to remote destinations. And although Firefox will let you click through the security warnings its functionality is erratic at best.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@abqttu wrote:VPN is effectively broken since chrome will not allow connections to remote destinations. And although Firefox will let you click through the security warnings its functionality is erratic at best.
Is Chrome clicking through the security warning not the same as Firefox? (I don't have a 'remote' VPN available right now. Is it 'different'?)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
This really sucks!!!
Netgear has update the Orbi firmware (v2.5.0.38) and the security certificate has still not been updated.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@Wire1852 wrote:This really sucks!!!
Netgear has update the Orbi firmware (v2.5.0.38) and the security certificate has still not been updated.
I got the firmware by logging into router & checking for update. The new firmware doesn't show on Netgear support webpage.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@Wire1852 wrote:Netgear has update the Orbi firmware (v2.5.0.38) and the security certificate has still not been updated.
Oh Netgear did it again ... @ChristineT why I don't wonder one second?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@FURRYe38 wrote:https://kb.netgear.com/000061393/RBR50-RBS50-Firmware-Version-2-5-0-40-Hot-Fix
Are you insane? You're pointing people to a hot fix that is on top of 2.5.0.38 that people have been experiencing issues with for the last 2 weeks. Netgear indicate the hot fix only fixes the security certificate issue. All the other issues in 2.5.0.38 are still in this hot fix.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@Wire1852 wrote:
@FURRYe38 wrote:https://kb.netgear.com/000061393/RBR50-RBS50-Firmware-Version-2-5-0-40-Hot-Fix
Are you insane?
It's your choice what is more important - a valid certificate or a random older firmware you prefer for whatever reason. Unlikely Netgear will release older firmware(s) with the new factory certificate.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@schumaku wrote:It's your choice what is more important - a valid certificate or a random older firmware you prefer for whatever reason. Unlikely Netgear will release older firmware(s) with the new factory certificate.
----------------------
But they will release the valid security certificate in future releases that are actually stable. Assuming Netgear get it's act together.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Users need to factory reset there systems after loading v38 or v40. There is a known problem with v38 with device naming. This doesn't effect overall operation. I saw no issues with over all operation with v38 after a manual FW load and factory rest I'll be doing the same again to check v40. Users will have to wait for NG to fix the device naming problem or revert back and wait till the fix comes from NG. Up to users to use it or not. Complaining doesn't solve anything.
@Wire1852 wrote:
@FURRYe38 wrote:https://kb.netgear.com/000061393/RBR50-RBS50-Firmware-Version-2-5-0-40-Hot-Fix
Are you insane? You're pointing people to a hot fix that is on top of 2.5.0.38 that people have been experiencing issues with for the last 2 weeks. Netgear indicate the hot fix only fixes the security certificate issue. All the other issues in 2.5.0.38 are still in this hot fix.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
NG recently released hot fix v2.3.5.34 to attempt to update the expired https certificate. However, they replaced it with a self-signed certificate instead of one issued by a certificate authority (CA). This still causes browsers to not trust the https URL for the router.
Here is the certifcate error shown on Firefox 70.0.1 for the v2.3.5.34 firmware:
orbilogin.net uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
I do not have v2.5.0.40 hot fix installed due to the major bug in device naming that it introduced. So I do not know if it likewise has a self-signed certificate instead of a valid CA issued certificate. If someone is running v2.5.0.40, can you check the certificate and report back? And open a ticket with NG if it likewise is self-signed.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
I knew I forgot to do something last nite. I check today after work if someone doesn't responde back sooner.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Amazing, Netgear right hand does apparently not know whet the left hand is doing. I already wondered and queried half a year ago what the plan is considering they have a properly Entrust CA signed certificate for the [www.]routerlogin.[net|com] DNS names however the Orbi specific DNS names have not been added - here on an Nighthawk R9000:
FWIW @tomschmidt the certificate can never be valid as long as you are accessing the router by an IP address. But of course, the self-sign is utterly useless anyway. [Edit: Just spotted that the text result comes from an access with the right DNS name: orbilogin.net uses an invalid security certificate.]
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Thanks for the observation regarding certificates linked to DNS names rather than IP. One of the implications is that when an Orbi is set up to allow Remote Management, the remote web browser will always complain about the Cert, even when it is issued by Entrust.
This is because Remote Management can only be done by https to the Orbi public IP. None of the Entrust DNS names will resolve to the Orbi public IP. Since Orbi is resolving DNS internally, it maps those DNS names to its own internal IP when a user want to access the Orbi web interface from a local client.
Maybe that's a reason Netgear wasn't diligent with renewing the Cert. Internal access can use http, so the Cert doesn't matter. External access cannot use the DNS names, so the Cert will always be rejected.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Well @CrimpOn - everybody does want to see https, it's obsolete (sigh), security "audit" tools with average policies (see Netgear Armor) complain if there is still http in the network. And nobody does care about the bigger picture - even if enabling https at any cost will put up even more nag messages than what plain http would.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Well this is all I get when using routerlogin.net with FF with v40 loaded on the RBR50:
I cleared all caches and previously used login PWs and information out of the browser. Exited the browser and re-started it. Saw nothing of warninng page given by FF about a security risk. Only see that the link to the routerlogin.net or 192.168.0.1 IP address gives information that it's not secure, i.e. HTTP vs HTTPS.
@tomschmidt wrote:NG recently released hot fix v2.3.5.34 to attempt to update the expired https certificate. However, they replaced it with a self-signed certificate instead of one issued by a certificate authority (CA). This still causes browsers to not trust the https URL for the router.
Here is the certifcate error shown on Firefox 70.0.1 for the v2.3.5.34 firmware:
orbilogin.net uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
I do not have v2.5.0.40 hot fix installed due to the major bug in device naming that it introduced. So I do not know if it likewise has a self-signed certificate instead of a valid CA issued certificate. If someone is running v2.5.0.40, can you check the certificate and report back? And open a ticket with NG if it likewise is self-signed.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Same (?) problem here... now I get a red triangle "not secure" warning on Chrome... what is this? Can it be fixed? (no remote management, just using local LAN address)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Sorry my previous screengrab used the IP address instead of the DNS name. Here is an updated image using https://orbilogin.net/ with Firefox, including the "View Certificate" popup window.
@schumaku wrote:Amazing, Netgear right hand does apparently not know whet the left hand is doing. I already wondered and queried half a year ago what the plan is considering they have a properly Entrust CA signed certificate for the [www.]routerlogin.[net|com] DNS names however the Orbi specific DNS names have not been added - here on an Nighthawk R9000:
FWIW @tomschmidt the certificate can never be valid as long as you are accessing the router by an IP address. But of course, the self-sign is utterly useless anyway. [Edit: Just spotted that the text result comes from an access with the right DNS name: orbilogin.net uses an invalid security certificate.]
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@FURRYe38 wrote:Well this is all I get when using routerlogin.net with FF with v40 loaded on the RBR50:
...
Saw nothing of warninng page given by FF about a security risk. Only see that the link to the routerlogin.net or 192.168.0.1 IP address gives information that it's not secure, i.e. HTTP vs HTTPS.
That's because you called the router by http instead of https - see the header of the FF security status info. There is (much) less alarm noise whe using http vs. using https with a self-signed certificate or a non-DNS-name-matching URL. And luckily, there is no forced redirect tp https.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
@SergioRZ wrote:Same (?) problem here... now I get a red triangle "not secure" warning on Chrome... what is this?
Click on that "Not secure" bar and use the "Learn more". ....
@SergioRZ wrote:Can it be fixed? (no remote management, just using local LAN address)
Not really, and not fully. For a typical home network what we can consider reasonably secure, you can still use http instead of https.
Netgear should add a "correct" signed certificate (and private key) for the documented domain names like orbilogin.net or routerlogin.com - ideally here should be the ability to create a CSR (certificate signature request) to be signed by a CA and the ability to upload user supplied certificates.
Here again, the trust chain is broken when using an IP address - certificate is always linked to a DNS name, like orbilogin.net - even with the best valid certificate, when using IP, the browser will complain.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Can you post a picture of the message?
Which firmware version is on this Orbi?
What modem (brand/model) is the Orbi connected to?
I run Exchange Email on my Androd, and get no certificate errors.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear Orbi RBK50 - Web certificate expired yesterday (Aug 2, 2019)
Update to v2.5.1.8...
@PhillipPino wrote:
Just installed my Orbi with one satellite last night. And getting the very warning on my phone for my exchange server. Was the overall cert issue resolved? Why is it even trying to hijack my session to places that aren’t routerlogin.net?
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more