- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Session closed with error when uploading CA certificate
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Session closed with error when uploading CA certificate
Hello,
I have a FVS318N, firmware version 4.3.4-2.
I'm trying to upload a CA certificate in the VPN/Certificates, but this fails.
The session is suddenly closed with simply the following message:
While loading the page critical error encountered.
Then the following message (the cookie/hash replaced with ****, no idea were this TeamF1Login is coming from):
Set-Cookie: TeamF1Login=*******************************************; expires=Wednesday, 31-Dec-1969 23:59:59 GMT
I have tried with the following self signed cert (sha1/ RSA, 2048 bits) :
-----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIJALaO3EfrAtYCMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV BAYTAlhYMQ8wDQYDVQQIDAZDb3Ntb3MxDzANBgNVBAcMBk1pZGRsZTEMMAoGA1UE CgwDQk9PMRIwEAYDVQQLDAlCT08gQWRtaW4xFzAVBgNVBAMMDkNvc21vcyBSb290 IENBMB4XDTE3MDEyMDAwMjAwM1oXDTM3MDExNTAwMjAwM1owajELMAkGA1UEBhMC WFgxDzANBgNVBAgMBkNvc21vczEPMA0GA1UEBwwGTWlkZGxlMQwwCgYDVQQKDANC T08xEjAQBgNVBAsMCUJPTyBBZG1pbjEXMBUGA1UEAwwOQ29zbW9zIFJvb3QgQ0Ew ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0zw4yUoFcygkU7FFipxJK gGUG6pSl9m3s7B8JppxhDxsFW8DmibvUpF/sUufSFUFl9VUBPZrJmGaogiKI8HTX GS616k2XPJgklX+QvMYiZAeK6Z7JpYwxY9Jgyc5XnoSZJ4PfIHZX10YpIIUkFNdi SooZtefDCOQAtajT5J/+Wrezf3pq+zQh7055T/3v3qpYeI2QySIJUMNzVsAQaToP L/PXeQrD9fc51296B5HFQ4oYd2JHDB0djbBT6aC/2+r2BLjNMcm3VX9lbjft7XNk WsqWk6/hb/Z3WkZR8AHLdWt5jkroJ6q77Jn84o0d7iL3zKv+Rq0Qc78jSAhpzmXF AgMBAAGjYzBhMB0GA1UdDgQWBBQqhR1u+hQvDzarUog7ZMQ3T5NAjjAfBgNVHSME GDAWgBQqhR1u+hQvDzarUog7ZMQ3T5NAjjAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud DwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAxNSA2tf+UjK/fBqEg20rkRuo oMN2HIQOCPG/6NswS+fOyD2oRr1Eyjloi19kUYL11dyAsINV9ioOpjQOJNmcEjvk LNM/g0w3me0QxfMKMumF+WoJE/NTivWljHXsSeIIJd6CFU5Cr+GDL9wLfMzpowNV 0O01fQx/bvd0iGSlsOT0KJbKT/gOqjs+azNlX1xatjAeFcPF1VSQ0ZFAtiUdQMTq jkBOd39YaAbjrInOumvl7w9LXlTQUAR/HgcGh7PC6MHoCjNIj/dbvt1xgyg2MvtA hl6OLZ4MDjIfWvaI4Amo02OyX3ZMoPbSNpz4/sm/rxjitXFdil1jxn98ZRUV8w== -----END CERTIFICATE-----
I've also tried some "official" CA certificates (versisign) - sha1 or sha256 won't make any difference, I'm thrown out the sesion.
When the session is closed the page looks strange, on the same page there's the error message up, then a line about the cookie and in the lowest part there's the login dialogue:
No message about the certificate being invalid whatsoever.
Anyone seen this?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
dumb stuff, but is the time/date set on the FVS?
also, the CA cert has to be in .PEM (text-readable) format (it probably already is, if you can copy/pase the raw data from it into the forum here)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
The certificate is ascii encoded - I pasted above the full content of the file, you should be able to check its content with openssl for instance.
I would add that the router is new (after rma due to a firmware update failure). It was first upgraded to 4.3.4-2 and only then configured by hand, screen by screen ( not from the config backup file). Nothing fancy, but I don't feel like resetting it and start over 😕
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
weird. As is often the case with these routers, you may have to factory reset after the firmware upgrade, as annoying as that process is.
FWIW i eventually was able to get a self-signed CA/CSR/cert generated/installed on the FVS318G device, which is very similar to the 318N. Both that device and an FVS336G are on the same firmware version 4.3.4-2. I used openssl on a Linux machine to generate the CA/certs. I have heard from Netgear that the device does not support SHA-2 family certs, and have encountered other limitations in the cert implementation that prevented me from using any FVS devices in production.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
I had seen your thread before posting. I had first sha256 / 4096b CA certificates. After reading your post, I switched to (deprecated) sha1 +shorter rsa2048 keys. Same problem. Then thought it might be due to openssl and tried to upload VeriSign one(sha1). No go.
Rather disappointing all this, lots of time wasted. I do think this is a bug, but no way to report it elsewhere.
I think I had my part with netgear - two RMAs for bricked router during upgrade, bugs in firnware, deprecated protocols ...
I'll wait a couple of days too see if anyone from netgear looks into this before eventually looking for a replacement.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
if yes, can you please try to add the CA certificate from my first post in the VPN/certificate/CA certificate ? Mainly to see if that shuts the session in your face.
Thanks anyway for your time!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
Fund out that adding certificates ONLY works if connected with "admin" user.
Connected with another user (type=Administrator, obviously) and get the above error.
I prefer disabling "admin" user logins and use other administrator users with names not unveiling their purpose ("admin" user name can't be changed)
I hope netgears reads and fixes this, it's a a shame.
Thanks @train_wreck for breaking a bit the silence in my thread 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
ugh, what a stupid bug.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
This is definitely a bug, but I can't report it.
The firewall is registered but displays lifetime hardware guarantee only, no chat/phone/other support.
Is there anybody from Netgear monitoring these threads ?!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Session closed with error when uploading CA certificate
@rtr wrote:Is there anybody from Netgear monitoring these threads ?!
It's been a week since you first posted this, so the chances of an official employee responding are falling rapidly. I will say that I have received very little info about the numerous certificate-related issues I've encountered on the FVS routers; my thread several months back about getting cert-based remote access (Mode Config) working got no bites, as did other topics/IMs from before.