- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Expired tls certificate for RBR40 in firmware 2.3.5.32
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Expired tls certificate for RBR40 in firmware 2.3.5.32
The certificate on the Orbi RBR40 router model expired on 3rd August 2019. Would have thought Netgear would have noticed and updated it in the 8 months since.
And apparently while this is being fixed in the RBK50 v2.5.1.8 firmware (https://community.netgear.com/t5/Orbi/Netgear-Orbi-RBK50-Web-certificate-expired-yesterday-Aug-2-201...) , no one is looking at other models in the product family?!?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Expired tls certificate for RBR40 in firmware 2.3.5.32
I would make contact with NG support about this:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Expired tls certificate for RBR40 in firmware 2.3.5.32
@yklee wrote:The certificate on the Orbi RBR40 router model expired on 3rd August 2019. Would have thought Netgear would have noticed and updated it in the 8 months since.
There are several l-o-n-g posts about Orbi's SSL certificate. Yes, Netgear totally "dropped the ball" last summer and failed to renew the SSL certificate for a number of internet domains, including routerlogin.net, orbilogin.net, orbilogin.com (and I think a few more). For the "50" router, Netgear has attempted to fix this by creating a "self-signed" certificate, which of course modern browsers reject.
Not to be snarky, but my "conspiracy theory" is that those domains are "no longer for sale" and Netgear simply cannot renew them. Why should Netgear own the SSL cert for "routerlogin.net"?
In at least one of the posts, someone commented that Netgear's use of a single SSL certificate on 1,000's of individual routers placed all over the world is not exactly what SSL was created for. That is, SSL is intended to guarantee that "I am who I say I am." So, when I tell my browser to go to "https://ibm.com" and the web site returns SSL information, the browser looks up the cert and the independent authority replies, "Yes, that cert was issues to ibm.com. You're safe." (I may have garbled some of this.)
But on Netgear routers, the router intercepts a DNS request for "orbilogin.net" and returns its own IP address. Then says, "oh, yeah, you can trust me because I signed my own certificate!"
And, I believe the SSL cert only works when a web browser asks to connect using DNS. Connecting to an IP address, such as 192.168.1.1 doesn't force a "name lookup".
Sorry for the long ramble (I can only play with the cat for so long.) IT IS A MESS.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Expired tls certificate for RBR40 in firmware 2.3.5.32
i mean, seriously, if netgear cannot even manage a self-signed cert, the decent thing would be to at least allow advanced users to substitute their own certs through the webadmin portal, its trivial programming.
<end rant> 😅
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Expired tls certificate for RBR40 in firmware 2.3.5.32
SSL certs appear to be a bit more complicated that I had originally thought (ignorance being "bliss" for sure).
My impression is that the problem with self-signed certs is not that Netgear "messed it up", but that browsers have a table of recognized certificate authorities which they will trust and no self-signed cert is going to be recognized as one of those authorities. I suspect this because at least a couple of times a year one of the Microsoft updates has a comment about "Updating Certificate Authorities".
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more