08-24-2024 10:20 AM
I just was trying to reset my security certificate so I could secure my router. It seems part of the process has changed and the instructions in the link below may not be completely accurate.
One thing I notice, since it now appears to be working, is the name of the certificate has changed and now has the full router description.
Possibly, some changes were needed to use the Advanced Encryption from the last firmware update for MLO.
Thanks for reading.
08-24-2024 01:57 PM
That's interesting, thanks for sharing. I did that before with, I think, the AXE16000.
A couple of notes from what I understood:
1. The connection is supposedly secure whether or not you install the certificate. (I believe this, but I could be wrong).
2. The certificate verifies the identity of the computer as a trusted client. (This does not affect the security of the connection. Again this is what I understood but I could be wrong).
08-24-2024 03:27 PM
It has bothered me for a while that the router showed as insecure when I was using the Web GUI. If you contact the router using Https then, without the certificate, it will throw up that error message, so that isn't acceptable.
I have also gotten involved with VPN by setting up the OpenVPN server on the router using the OpenVPN client.
I have another machine using the Windows VPN.
When I went to the NordVPN site, without the VPN active, I was surprised to see what information their site could get from that connection. With the VPN, they could not get that same info.
Using an Https: site appears to be safe, but an http: version is not good for security.
Thanks for the response.
08-24-2024 10:01 PM
Thanks for sharing this security information/concern.
When you access the router configuration page it is between local IPs, say 192.168.50.2 (PC) to 192.168.50.1 (router). I doubt any data is being passed beyond the router/LAN to the WAN side where it could be sniffed, prodded, etc. Any bad intending device would have to get across your router and there would not be any NAT data in a purely local connection? (Just a hunch not substantiated by hard data)...
08-25-2024 06:10 AM
You may be correct, but the wireless transmission between the computer and the router is exposed. Since it is not Https: then it can be sniffed. I have to assume that is the reason the WEB GUI shows not secured and a warning pops up, even if you use Https: without the certificate.
I have anywhere from 6 to 10 available networks showing on my Wi-Fi. If one of those was a bad actor, then ASUS is warning me to be careful. I don't really worry about it that much but being a little more secure, cannot hurt.
Maybe you don't remember the situation where Best Buy was using Wi-Fi to communicate from their checkout counters to their server and someone in the parking lot was sniffing those communications and stealing credit card numbers. Would that not be a device to a server type of communication?
08-25-2024 06:24 AM
Shame on me...
Completely forgot about WiFi. I was only considering Ethernet...
08-25-2024 06:26 AM
Yea, it is really hard to sniff Ethernet. 😊
08-28-2024 10:04 AM
I have the GT-BE98 (as based in the UK). One thing I've noticed is that the SSL certificate is no longer valid after rebooting (or power cycling) the GT-BE98 router. You get the error message: Your connection isn't private - net::ERR_CERT_AUTHORITY_INVALID. I need to re-export and re-install the SSL certificate into Current User / Trusted Root Certification Authorities to get HTTPS access working again without error. Router on latest f/w 3.0.0.6.102_34372, PC running Windows 11 Pro and Microsoft Edge browser (latest version/updates). I've used the feedback on the router to inform Asus of this issue.
I don't encounter this happening with the GT-AX6000 or RT-AX88U routers.
08-28-2024 12:05 PM
I started by removing the old certificate from the certificate store. That certificate used to be stored last in the list, but the new one went up in alphabetical order starting with GT-BE98.
When I exported the new certificate, it did not export as a cert.tar but a cert.crt. I just installed that version, and it seems to be working fine now.
It did take me several tries to get it correct.
08-28-2024 01:54 PM - edited 08-28-2024 01:55 PM
I know what you mean - I've become quite adept at clearing out the certificate store... Definitely a f/w bug - seen this now on two GT-BE98s. Other Asus routers don't have this issue (GT-AX6000, RT-AX88U, etc. on stock and merlin f/w).
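An added example, not part of any post in this thread: a way to check the symptom reported above for the GT-BE98 (the HTTPS error returning after a reboot) by comparing the SHA-256 fingerprint of the exported certificate file with the certificate the router currently serves. It assumes the exported file is the same self-signed certificate the router presents; the file path, host and port are supplied by the user, and the built-in sample bytes are constructed placeholders, not real certificates.

```python
import hashlib
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Return DER bytes from an exported certificate that may be PEM or DER."""
    stripped = data.strip()
    if stripped.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return data


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as shown in browser certificate viewers."""
    return hashlib.sha256(to_der(data)).hexdigest()


def same_certificate(exported: bytes, live: bytes) -> bool:
    """True when the exported file and the served certificate are identical.
    Assumption: the export is the served certificate itself, not a separate CA."""
    return fingerprint(exported) == fingerprint(live)


def fetch_live_cert(host: str, port: int) -> bytes:
    """Fetch the certificate the router serves; no chain validation is done,
    so this works even while the browser reports ERR_CERT_AUTHORITY_INVALID."""
    return ssl.get_server_certificate((host, port)).encode("ascii")


if __name__ == "__main__":
    if len(sys.argv) == 4:
        # usage: script.py <exported cert file> <router host> <https port>
        with open(sys.argv[1], "rb") as fh:
            exported = fh.read()
        live = fetch_live_cert(sys.argv[2], int(sys.argv[3]))
    else:
        # Constructed placeholder bytes standing in for two certificates.
        exported = b"constructed-cert-exported-before-reboot"
        live = ssl.DER_cert_to_PEM_cert(b"constructed-cert-served-after-reboot").encode()
    print("exported:", fingerprint(exported))
    print("live:    ", fingerprint(live))
    if same_certificate(exported, live):
        print("Same certificate: the installed copy still matches the router.")
    else:
        print("Different certificate: the router is serving a new one; "
              "the installed copy no longer matches.")
```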