Custom SSL Certificate not working on OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Custom SSL Certificate not working on OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Custom SSL Certificate not working on OC200
Custom SSL Certificate not working on OC200
2024-05-25 17:22:59
Tags: #certificate
Model: OC200  
Hardware Version: V1
Firmware Version: 1.29.4 Build 20240304 Rel.54362

Hey there!

 

I requested a trusted SSL certificate from a Certificate Authority and went to the controller to upload both the certificate and key (both in PEM files).

No errors whatsoever. However, after rebooting, the certificate has not changed. I first tried and emptied the cache of my browsers.

And then I came to notice that in my case it had nothing to do with any browser cache, since I also tried to retrieve the certificate details through openssl:

 

❯ openssl s_client -connect 192.168.81.1:443 | openssl x509 -noout -subject
Warning: Reading certificate from stdin since no -in or -new option is given
Connecting to 192.168.81.1
Can't use SSL_get_servername
depth=0 C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link
verify return:1
subject=C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link

 

I get the same output when I try the openssl on the public domain name.

Here is a partial screenshot of the certificates that show up in the GUI (before and) after the reboot.

Caption of GUI

 

There are no log messages that I can find. Using the same SSL cert + key on a dummy Nginx webserver works like a charm.

Am I doing something wrong?

  0      
  0      
#1
Options
3 Reply
Re:Custom SSL Certificate not working on OC200
2024-05-28 07:01:05

 

ChrisVanMeer wrote

Hey there!

 

I requested a trusted SSL certificate from a Certificate Authority and went to the controller to upload both the certificate and key (both in PEM files).

No errors whatsoever. However, after rebooting, the certificate has not changed. I first tried and emptied the cache of my browsers.

And then I came to notice that in my case it had nothing to do with any browser cache, since I also tried to retrieve the certificate details through openssl:

 

❯ openssl s_client -connect 192.168.81.1:443 | openssl x509 -noout -subject
Warning: Reading certificate from stdin since no -in or -new option is given
Connecting to 192.168.81.1
Can't use SSL_get_servername
depth=0 C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link
verify error:num=66:EE certificate key too weak
verify return:1
depth=0 C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link
verify return:1
subject=C=CN, ST=ShenZhen, L=ShenZhen, CN=TP-Link

 

I get the same output when I try the openssl on the public domain name.

Here is a partial screenshot of the certificates that show up in the GUI (before and) after the reboot.

Caption of GUI

 

There are no log messages that I can find. Using the same SSL cert + key on a dummy Nginx webserver works like a charm.

Am I doing something wrong?

Hi @ChrisVanMeer 

May I know whether you have configured the domain name associated to the controller IP address? Could you share some screenshots you tried to login in your browser? Did you log in with the IP address or use the domain name?

 

And please go to global view >settings > System settings > Access Config >Controller hostname/IP, please check if you input the domain name of it is IP address. Please also disable the Auto Refresh IP.

 

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:Custom SSL Certificate not working on OC200
2024-05-28 07:30:56

Hi @Hank21

 

Here are a few screenshots that hopefully will enlighten you.
I tried logging in with both IP address as well as it's FQDN.

 

 

  0  
  0  
#3
Options
Re:Custom SSL Certificate not working on OC200
2024-05-28 12:52:11

Weird, I tried the Windows way of thinking, aka "If it doesn't work, reboot again".

Now it works. Beats me...

  1  
  1  
#4
Options