@yklee wrote:
The certificate on the Orbi RBR40 router model expired on 3rd August 2019. Would have thought Netgear would have noticed and updated it in the 8 months since.
There are several l-o-n-g posts about Orbi's SSL certificate. Yes, Netgear totally "dropped the ball" last summer and failed to renew the SSL certificate for a number of internet domains, including routerlogin.net, orbilogin.net, orbilogin.com (and I think a few more). For the "50" router, Netgear has attempted to fix this by creating a "self-signed" certificate, which of course modern browsers reject.
Not to be snarky, but my "conspiracy theory" is that those domains are "no longer for sale" and Netgear simply cannot renew them. Why should Netgear own the SSL cert for "routerlogin.net"?
In at least one of the posts, someone commented that Netgear's use of a single SSL certificate on 1,000's of individual routers placed all over the world is not exactly what SSL was created for. That is, SSL is intended to guarantee that "I am who I say I am." So, when I tell my browser to go to "https://ibm.com" and the web site returns SSL information, the browser looks up the cert and the independent authority replies, "Yes, that cert was issues to ibm.com. You're safe." (I may have garbled some of this.)
But on Netgear routers, the router intercepts a DNS request for "orbilogin.net" and returns its own IP address. Then says, "oh, yeah, you can trust me because I signed my own certificate!"
And, I believe the SSL cert only works when a web browser asks to connect using DNS. Connecting to an IP address, such as 192.168.1.1 doesn't force a "name lookup".
Sorry for the long ramble (I can only play with the cat for so long.) IT IS A MESS.
