CA Certificate Warnings

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2019-10-06 09:49:48 - last edited 2019-10-25 11:15:16
Model: Archer VR400  
Hardware Version: V2
Firmware Version: 0.2.0 0.9.1 v0070.0

Hi all,

Hope you can help. I am trying to rectify a few certificate warnings for the router login page in both Windows 10 1903 with Firefox 69.0.2 and in iOS 13.1.2 with Chrome 77.0.3865.103, Edge 44.8.7 and Firefox 19.1 (16203). I have rectified the certificate warnings for the latest versions of Chrome, Edge and Internet Explorer in Windows 10 as well as the latest version of Safari in iOS 13 but not for the web browsers as stated above. Below are the warnings I get in each web browser.

Firefox 69.0.2 - Connection is Not Sure - This page uses weak encryption

Chrome 77.0.3865.103 - Your connection is not private - NET::ERR_CERT_AUTHORITY_INVALID

Edge 44.8.7 - This site is not secure - I have to tap Continue twice in order to get to router login page.

Firefox 19.1 (16203) - This Connection Is Untrusted

I have read that the certificate warnings for Firefox are due to the fact that TLS 1.0, 1.1 and 1.2 are enabled and need to be replaced with TLS 1.3 in order to rectify these warnings. I know how to change them on the browser end for Firefox in Windows but I wanted to ask whether there was any way of enabling TLS 1.3 on the router level rather than on the browser level, as I can't change this behavior for Chrome, Edge and Firefox in iOS. If so, how do I go about doing it? If not, will I need to wait until a firmware update becomes available in order to enable TLS 1.3 on the router level?

Your help would be much appreciated.

Kind regards,

RocknRollTim

#1
5 Reply
Re:CA Certificate Warnings
2019-10-08 07:40:08 - last edited 2019-10-08 07:40:19

@RocknRollTim

First of all, this site is secured, you do not have to worry about it. The reasons are listed below:

The router can be accessed by HTTP and port 80 by default, that is why it is detected as unsecured by some HTTPS websites. First, you can click continue to access it.

Or you can log in to the web UI and go to advanced-system tools-administration page to enable local management via HTTPS.

May it help and have a good day.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
#2
Re:CA Certificate Warnings-Solution
2019-10-08 20:03:24 - last edited 2019-10-25 11:15:16

@Kevin_Z I enabled local management using HTTPS via the web UI before diagnosing the certificate warnings. I enabled local management using HTTPS in order to mitigate against numerous attacks such as man-in-the-middle as read from numerous sources on the Internet.

I overcame the certificate warnings for Chrome, Edge and Internet Explorer in Windows 10 by adding the certificate to the Trusted Root Certification Authorities store; the same was achieved for Safari in iOS 13, again using several sources on the Internet.

I also read on the Internet that Firefox for Windows no longer uses the Trusted Root Certification Authorities store and uses its own certificate store on a per-user basis by default; I do not know why Mozilla decided upon this. However, this behaviour can be overridden by amending the configuration file by accessing about:config and changing the value for security.enterprise_roots.enabled to true in order to use the Trusted Root Certification Authorities store, which I did. Firefox in Windows complains that the connection is not sure and that the page uses weak encryption, which I cannot amend from the server end, i.e. the router in this scenario, as the options to change the encryption protocol for the certificate are not available via the web UI.

I have had no problems in diagnosing the certificate warnings in Android 6.0.1 for the latest versions of Chrome, Edge and Firefox using the Trusted Root Certification Authorities store; however, with iOS 13, Chrome, Edge and Firefox all give certificate warnings similar to Firefox in Windows, again all the latest versions.

I wanted to diagnose these certificate warnings as I am a person who likes to follow best security practices. If it's just a case that I cannot fully resolve these certificate warnings and have to wait for TP-Link to release a new firmware update then I guess I will have to persevere for now.

Kevin_Z wrote

@RocknRollTim

First of all, this site is secured, you do not have to worry about it. The reasons are listed below:

The router can be accessed by HTTP and port 80 by default, that is why it is detected as unsecured by some HTTPS websites. First, you can click continue to access it.

Or you can log in to the web UI and go to advanced-system tools-administration page to enable local management via HTTPS.

May it help and have a good day.

Recommended Solution
#3
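
An added example (not part of any post in this thread, and not TP-Link code): a probe that records which TLS versions and ciphers a device's HTTPS management page accepts, the server-side properties post #3 says cannot be changed from the web UI. The address 192.168.1.1, the function names and the weak-cipher markers are assumptions.

```python
import socket
import ssl

# Protocol versions to try, oldest first.
VERSIONS = [("TLSv1.0", ssl.TLSVersion.TLSv1), ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
            ("TLSv1.2", ssl.TLSVersion.TLSv1_2), ("TLSv1.3", ssl.TLSVersion.TLSv1_3)]
# Assumed markers: substrings of OpenSSL cipher names that browsers flag as weak.
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP")

def handshake(host, port, version, timeout=5.0):
    """Try one handshake pinned to a single version; return cipher name or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Probe only: the device certificate is self-signed, so chain checks are
    # skipped here. Never reuse this context to send credentials.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (OSError, ValueError):  # ssl.SSLError is a subclass of OSError
        return None

def probe(host, port=443, try_handshake=handshake):
    """Map each version label to the negotiated cipher, None where refused."""
    return {label: try_handshake(host, port, ver) for label, ver in VERSIONS}

def explain(results):
    """Summarise protocol and cipher findings that only firmware can change."""
    accepted = {v: c for v, c in results.items() if c}
    if not accepted:
        return ["no TLS handshake succeeded"]
    findings = []
    legacy = [v for v in accepted if v in ("TLSv1.0", "TLSv1.1")]
    if legacy:
        findings.append("legacy protocol accepted: " + ", ".join(legacy))
    if "TLSv1.3" not in accepted:
        findings.append("TLS 1.3 not offered")
    weak = sorted({c for c in accepted.values() if any(m in c for m in WEAK_MARKERS)})
    if weak:
        findings.append("weak cipher negotiated: " + ", ".join(weak))
    return findings or ["protocol and cipher look current"]

if __name__ == "__main__":
    # 192.168.1.1 is an assumed LAN address for the router; change as needed.
    for line in explain(probe("192.168.1.1")):
        print(line)
```

A client built against a recent OpenSSL may itself refuse TLS 1.0 and 1.1, so `None` for those versions means only that this client could not negotiate them.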
Re:CA Certificate Warnings-Solution
2019-10-11 07:00:53 - last edited 2019-10-25 11:15:36

@RocknRollTim

Thanks for your reply.

There is a plan to add one mesh feature to Archer VR400 V2, so a new firmware is expected.

You can keep an eye on the official website for the updates.

Good day.

Recommended Solution
#4
Re:CA Certificate Warnings
2019-10-12 22:59:51

@Kevin_Z

Thanks for letting me know, I will keep an eye out on the official website for the next firmware update.

Thank you for your help.

Many thanks,

RocknRollTim

#5
Re:CA Certificate Warnings
2019-10-14 01:28:42

@RocknRollTim

Thanks for your reply, glad to help you.

You can wait for the updates.

And if you need any further help, please let us know.

Good day.

#6