https/ssl not working for OC-200. Certificate Invalid
For the past several weeks (prior to, and with current version of OC-200 Firmware -- released today), my browser (Chrome) is refusing to encrypt my connection to the OC-200. It claims that the encryption certificate is invalid (though the expiration date is fine).
Since my OC-200 is on a private intranet I'm not overly concerned. But, I would hope that the connection to the Omada cloud are secure/encrypted.
Thoughts?
-Jonathan
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
JSchnee21 wrote
For the past several weeks (prior to, and with current version of OC-200 Firmware -- released today), my browser (Chrome) is refusing to encrypt my connection to the OC-200. It claims that the encryption certificate is invalid (though the expiration date is fine).
Since my OC-200 is on a private intranet I'm not overly concerned. But, I would hope that the connection to the Omada cloud are secure/encrypted.
Thoughts?
-Jonathan
The OC200 support TLS 1.2, you will always use https to access the management page of it, it is encrypted and secure. For this Certificate Information, it may because OC200 use the private certificate. It's OK for using, you can just trust it.
- Copy Link
- Report Inappropriate Content
OC200 uses a self-signed certificate. Seems that it somehow got deleted from the list of trusted certificates on your PC (if it was installed before at all).
Just install the certificate as the message says. Usually it does so automatically if you insist to connect to the OC200 in Chrome.
If this doesn't help, maybe a newer Chrome version refuses to accept the cipher the certificate is using (what should not be dictated by Chrome at all, but Google wants to force people to use strong ciphers and probably latest Chrome doesn't accept TLS 1.2 anymore).
- Copy Link
- Report Inappropriate Content
What's really strange is that if I go to Omada cloud first, and then connect into my OC200 it's fine. But if I go direct to the IP address of the OC200 on my LAN, then get the issue.
- Copy Link
- Report Inappropriate Content
@JSchnee21, the cloud works just as a proxy and uses a certificate from DigiCert Global CA, which is a known CA to your browser.
If you store the self-signed certificate in your trust chain, it becomes known to the browser, too, and the browser will behave as it does with a certificate signed by a known CA such as DigiCert.
- Copy Link
- Report Inappropriate Content
As everyone has said its just a self signed certificate
there is no point installing it in your computer certificate store, as it is issued to localhost, which will never be the name of the device you connect to.
TP-Link arent interested in letting you install your own.
which for a business appliance is quite disapointing.
if i had my time again, i would have just used the software controller.
at least there is a painful workaround to installing your own certificate in that.
- Copy Link
- Report Inappropriate Content
doxxie-au wrote
As everyone has said its just a self signed certificate
there is no point installing it in your computer certificate store, as it is issued to localhost, which will never be the name of the device you connect to.
The certificate has been issued for localhost, that's correct.
However, installing the cert in the computer's certificate store allows to connect to the OC200 using its self-signed certificate w/o the annoying security warning of the browser. Whether the Common Name of the certificate is to be matched against the hostname used to access the OC200 can be specified by the trust level for SSL/TLS connections, too:
BTW: In the upcoming Omada SDN Controller you can indeed upload your own self-signed or official certificate to OC200.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3893
Replies: 6
Voters 0
No one has voted for it yet.