Enabling Always Use HTTPS to Access Extender breaks connectivity

Yes, it's a nifty issue with the certificate usage bits, for example on the self-signed certificates in use. Explained in depth here.

Thanks for your feedback! I suppose the developer/programmer that added the option didn't understand the ramifications of maintaining certificates. Disabling RSA key usage in chrome doesn't buy me any more security than what I have with http protocol, (chrome --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch).
 

An encrypted connection to management console would have been nice though. Guess I'll have to rely on strong password. Thanks again.

---

@vpollinzi wrote:

I suppose the developer/programmer that added the option didn't understand the ramifications of maintaining certificates. Disabling RSA key usage in chrome doesn't buy me any more security than what I have with http protocol, (chrome --force-fieldtrials=RSAKeyUsageForLocalAnchors/DisabledLaunch).

That's not the case. For once one of the browser makers again run ahead for something the industry - and even more consumer devices and infrastructures - can't cope with (like fully featured DNS infrastructures, to allow complete https deployment. This does not abandon any https security. Many more vendors are affected by this wonderful rush forward. The browser will just not look for the keyUsage bits like digitalSignature -and- keyEncipherment which does typically not exist on any self-signed and many CA signed certificates. It won't abandon the basic encryption. The browser simply error-out and won't continue in case the keyEncipherment bit is not set.

Thanks for follow-up and elaborating on full scope of the problem. I found instructions on Windows registry modifications for workaround here: https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/SSL-error/m-p/2347112

Specifically, create this key in the registry: