Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Session closed with error when uploading CA certificate

rtr
Tutor
Tutor
‎2017-01-19 04:52 PM
‎2017-01-19 04:52 PM

Session closed with error when uploading CA certificate

Hello,

 

I have a FVS318N, firmware version 4.3.4-2.

I'm trying to upload a CA certificate in the VPN/Certificates, but this fails.

The session is suddenly closed with simply  the following message:

 

While loading the page critical error encountered.

 

Then the following message (the cookie/hash replaced with  ****, no idea were this TeamF1Login is coming from):

Set-Cookie: TeamF1Login=*******************************************; expires=Wednesday, 31-Dec-1969 23:59:59 GMT

I have tried with the following self signed cert (sha1/ RSA, 2048 bits) :

-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgIJALaO3EfrAtYCMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV
BAYTAlhYMQ8wDQYDVQQIDAZDb3Ntb3MxDzANBgNVBAcMBk1pZGRsZTEMMAoGA1UE
CgwDQk9PMRIwEAYDVQQLDAlCT08gQWRtaW4xFzAVBgNVBAMMDkNvc21vcyBSb290
IENBMB4XDTE3MDEyMDAwMjAwM1oXDTM3MDExNTAwMjAwM1owajELMAkGA1UEBhMC
WFgxDzANBgNVBAgMBkNvc21vczEPMA0GA1UEBwwGTWlkZGxlMQwwCgYDVQQKDANC
T08xEjAQBgNVBAsMCUJPTyBBZG1pbjEXMBUGA1UEAwwOQ29zbW9zIFJvb3QgQ0Ew
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0zw4yUoFcygkU7FFipxJK
gGUG6pSl9m3s7B8JppxhDxsFW8DmibvUpF/sUufSFUFl9VUBPZrJmGaogiKI8HTX
GS616k2XPJgklX+QvMYiZAeK6Z7JpYwxY9Jgyc5XnoSZJ4PfIHZX10YpIIUkFNdi
SooZtefDCOQAtajT5J/+Wrezf3pq+zQh7055T/3v3qpYeI2QySIJUMNzVsAQaToP
L/PXeQrD9fc51296B5HFQ4oYd2JHDB0djbBT6aC/2+r2BLjNMcm3VX9lbjft7XNk
WsqWk6/hb/Z3WkZR8AHLdWt5jkroJ6q77Jn84o0d7iL3zKv+Rq0Qc78jSAhpzmXF
AgMBAAGjYzBhMB0GA1UdDgQWBBQqhR1u+hQvDzarUog7ZMQ3T5NAjjAfBgNVHSME
GDAWgBQqhR1u+hQvDzarUog7ZMQ3T5NAjjAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
DwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAxNSA2tf+UjK/fBqEg20rkRuo
oMN2HIQOCPG/6NswS+fOyD2oRr1Eyjloi19kUYL11dyAsINV9ioOpjQOJNmcEjvk
LNM/g0w3me0QxfMKMumF+WoJE/NTivWljHXsSeIIJd6CFU5Cr+GDL9wLfMzpowNV
0O01fQx/bvd0iGSlsOT0KJbKT/gOqjs+azNlX1xatjAeFcPF1VSQ0ZFAtiUdQMTq
jkBOd39YaAbjrInOumvl7w9LXlTQUAR/HgcGh7PC6MHoCjNIj/dbvt1xgyg2MvtA
hl6OLZ4MDjIfWvaI4Amo02OyX3ZMoPbSNpz4/sm/rxjitXFdil1jxn98ZRUV8w==
-----END CERTIFICATE-----

I've also tried some "official" CA certificates (versisign) -  sha1 or sha256 won't make any difference, I'm thrown out the sesion.

 

When the session is closed the page looks strange, on the same page there's the error message up, then a line about the cookie and in the lowest part there's the login dialogue:

 screenshot

 

No message about the certificate being invalid whatsoever.

 

Anyone seen this?

Model: FVS318N|ProSafe Wireless N 8 port gigabit VPN firewall
Message 1 of 10
0 Kudos
Reply
train_wreck
Luminary
Luminary
‎2017-01-19 10:28 PM
‎2017-01-19 10:28 PM

Re: Session closed with error when uploading CA certificate

dumb stuff, but is the time/date set on the FVS?

 

also, the CA cert has to be in .PEM (text-readable) format (it probably already is, if you can copy/pase the raw data from it into the forum here)

Message 2 of 10
0 Kudos
Reply
rtr
Tutor
Tutor
‎2017-01-19 11:53 PM
‎2017-01-19 11:53 PM

Re: Session closed with error when uploading CA certificate

Time is set via ntp. It looks ok.
The certificate is ascii encoded - I pasted above the full content of the file, you should be able to check its content with openssl for instance.
I would add that the router is new (after rma due to a firmware update failure). It was first upgraded to 4.3.4-2 and only then configured by hand, screen by screen ( not from the config backup file). Nothing fancy, but I don't feel like resetting it and start over 😕

Message 3 of 10
0 Kudos
Reply
train_wreck
Luminary
Luminary
‎2017-01-20 12:47 AM
‎2017-01-20 12:47 AM

Re: Session closed with error when uploading CA certificate

weird. As is often the case with these routers, you may have to factory reset after the firmware upgrade, as annoying as that process is.

 

FWIW i eventually was able to get a self-signed CA/CSR/cert generated/installed on the FVS318G device, which is very similar to the 318N. Both that device and an FVS336G are on the same firmware version 4.3.4-2. I used openssl on a Linux machine to generate the CA/certs. I have heard from Netgear that the device does not support SHA-2 family certs, and have encountered other limitations in the cert implementation that prevented me from using any FVS devices in production.

Message 4 of 10
0 Kudos
Reply
rtr
Tutor
Tutor
‎2017-01-20 01:20 AM
‎2017-01-20 01:20 AM

Re: Session closed with error when uploading CA certificate

reset after upgrade:done that (I just didn't mention that step)

I had seen your thread before posting. I had first sha256 / 4096b CA certificates. After reading your post, I switched to (deprecated) sha1 +shorter rsa2048 keys. Same problem. Then thought it might be due to openssl and tried to upload VeriSign one(sha1). No go.

Rather disappointing all this, lots of time wasted. I do think this is a bug, but no way to report it elsewhere.
I think I had my part with netgear - two RMAs for bricked router during upgrade, bugs in firnware, deprecated protocols ...
I'll wait a couple of days too see if anyone from netgear looks into this before eventually looking for a replacement.
Message 5 of 10
0 Kudos
Reply
rtr
Tutor
Tutor
‎2017-01-20 09:36 AM
‎2017-01-20 09:36 AM

Re: Session closed with error when uploading CA certificate

@train_wreck: do you happen to have one of the routers handy, available for testing, running the same firmware level - in addition of some time to waste?
if yes, can you please try to add the CA certificate from my first post in the VPN/certificate/CA certificate ? Mainly to see if that shuts the session in your face.
Thanks anyway for your time!
Message 6 of 10
0 Kudos
Reply
rtr
Tutor
Tutor
‎2017-01-21 04:44 PM
‎2017-01-21 04:44 PM

Re: Session closed with error when uploading CA certificate

Fund out that adding certificates ONLY works if connected with "admin" user.

Connected with another user (type=Administrator, obviously) and get the above error.

I prefer disabling "admin" user logins and use other administrator users with names not unveiling their purpose ("admin" user name can't be changed)

 

I hope netgears reads and fixes this, it's a  a shame.

 

Thanks @train_wreck for breaking a bit the silence in my  thread 🙂

 

Message 7 of 10
0 Kudos
Reply
train_wreck
Luminary
Luminary
‎2017-01-21 09:47 PM
‎2017-01-21 09:47 PM

Re: Session closed with error when uploading CA certificate

ugh, what a stupid bug.

Message 8 of 10
0 Kudos
Reply
rtr
Tutor
Tutor
‎2017-01-27 02:01 AM
‎2017-01-27 02:01 AM

Re: Session closed with error when uploading CA certificate

This is definitely a bug, but I can't report it.

The firewall is registered but displays lifetime hardware guarantee only, no chat/phone/other support.

 

Is there anybody from Netgear monitoring these threads ?!

Message 9 of 10
0 Kudos
Reply
train_wreck
Luminary
Luminary
‎2017-01-27 02:56 AM
‎2017-01-27 02:56 AM

Re: Session closed with error when uploading CA certificate

@rtr wrote:

Is there anybody from Netgear monitoring these threads ?!

 

It's been a week since you first posted this, so the chances of an official employee responding are falling rapidly. I will say that I have received very little info about the numerous certificate-related issues I've encountered on the FVS routers; my thread several months back about getting cert-based remote access (Mode Config) working got no bites, as did other topics/IMs from before.

Message 10 of 10
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 9 replies
  • ‎2017-01-19 04:52 PM
  • 4668 views
  • 0 kudos
  • 2 in conversation
Announcements