Home

Forums

Stories

Knowledge Base

Home Network CommunityDSL Modem&RoutersCA Certificate Warnings

DSL Modem&Routers

CA Certificate Warnings

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

CA Certificate Warnings

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

RocknRollTim

2019-10-06 09:49:48 - last edited 2019-10-25 11:15:16

Posts: 3

Helpful: 0

Solutions: 1

Stories: 0

Registered: 2019-10-06

CA Certificate Warnings

2019-10-06 09:49:48 - last edited 2019-10-25 11:15:16

Model: Archer VR400

Hardware Version: V2

Firmware Version: 0.2.0 0.9.1 v0070.0

Hi all,

Hope you can help. I am trying to rectify a few certificate warnings for the router login page in both Windows 10 1903 with FireFox 69.0.2 and in IOS 13.1.2 with Chrome 77.0.3865.103, Edge 44.8.7 and FireFox 19.1 (16203). I have rectified the certificate warnings for the latest versions of Chrome, Edge and Internet Explorer in Windows 10 as well as the latest version of Safari in IOS 13 but not for the web browsers as stated above. Below are the warnings I get in each web browser.

FireFox 69.0.2 - Connection is Not Sure - This page uses weak encryption

Chrome 77.0.3865.103 - Your connection is not private - NET::ERR_CERT_AUTHORITY_INVALID

Edge 44.8.7 - This site is not secure - I have to tap Continue twice in order to get to router login page.

FireFox 19.1 (16203) - This Connection Is Untrusted

I have read that the certificate warnings for FireFox are due to the fact that TLS 1.0, 1.1 and 1.2 are enabled and need to be replaced with TLS 1.3 in order to rectify these warnings. I know how to change them on the browser end for FireFox in Windows but I wanted to ask whether there was anyway of enabling TLS 1.3 on the router level rather on the browser level as I can't change this behavior for Chrome, Edge and FireFox in IOS. If so, how I do I go about doing it? If not, will I need to wait until a firmware update becomes available in order to enable TLS 1.3 on the router level.

Your help would be much appreciated.

Kind regards,

RocknRollTim

2 Accepted Solutions

RocknRollTim

LV1

2019-10-08 20:03:24 - last edited 2019-10-25 11:15:16

Posts: 3

Helpful: 0

Solutions: 1

Stories: 0

Registered: 2019-10-06

Re:CA Certificate Warnings-Solution

2019-10-08 20:03:24 - last edited 2019-10-25 11:15:16

@Kevin_Z I enabled local management using HTTPS via the web UI before diagnosing the certificate warnings. I enabled local management using HTTPS in order to mitigate against numerous attacks such as man-in-the-middle as read from numerous sources on the Internet.

I overcame the certificate warnings for Chrome, Edge and Internet Explorer in Windows 10 by adding the certificate to the Trusted Root Certification Authorities store, the same was achieved for Safari in IOS 13, again using several sources on the Internet.

I also read on the Internet that FireFox for Windows no longer uses the Trusted Root Certification Authorities store and uses its own certificate store on a per user basis by default which I do not why Mozilla decided upon this decision, however this behaviour can be overridden by amending the configuration file by accessing about:config and changing the value for security.enterprise_roots.enabled to true in order to use the Trusted Root Certification Authorities store which I did. FireFox in Windows complains that the connection is not sure and that the page uses weak encryption which I cannot amend from the server end i.e. the router in this scenario as the options to change the encryption protocol for the certificate are not available via the web UI.

I have had no problems in diagnosing the certificate warnings in Android 6.0.1 for the latest versions of Chrome, Edge and FireFox using the Trusted Root Certification Authorities store, however with IOS 13, Chrome, Edge and FireFox all give certificate warnings similar to FireFox in Windows, again all the latest versions.

I wanted to diagnose these certificate warnings as I am a person who likes to follow best security practices. If it’s just a case that I cannot fully resolve these certificate warnings and have to wait for TP-Link to release a new firmware update then I guess I will have to perceive for now.

Kevin_Z wrote

@RocknRollTim

First of all, this site is secured, you do not have to worry about it. Reasons are listed as below:

The router can be accessed by http and port 80 by default, that is why it is detected as unsecured by some https websites. First, you can click continue to access it.

Or you can login to the web UI and go to advanced-system tools-administration page to enable local management via HTTPs.

May it help and have a good day.

Recommended Solution

Kevin_Z

2019-10-11 07:00:53 - last edited 2019-10-25 11:15:36

Posts: 17026

Helpful: 1627

Solutions: 1961

Stories: 17

Registered: 2018-12-24

Re:CA Certificate Warnings-Solution

2019-10-11 07:00:53 - last edited 2019-10-25 11:15:36

@RocknRollTim

Thanks for your reply.

There is a plan to add one mesh feature to Archer VR400 V2, so a new firmware is expected.

You can keep an eye on official website for the updates.

Good day.

Recommended Solution

5 Reply

Kevin_Z

2019-10-08 07:40:08 - last edited 2019-10-08 07:40:19

Posts: 17026

Helpful: 1627

Solutions: 1961

Stories: 17

Registered: 2018-12-24

Re:CA Certificate Warnings

2019-10-08 07:40:08 - last edited 2019-10-08 07:40:19

@RocknRollTim

First of all, this site is secured, you do not have to worry about it. Reasons are listed as below:

The router can be accessed by http and port 80 by default, that is why it is detected as unsecured by some https websites. First, you can click continue to access it.

Or you can login to the web UI and go to advanced-system tools-administration page to enable local management via HTTPs.

May it help and have a good day.

RocknRollTim

LV1

2019-10-08 20:03:24 - last edited 2019-10-25 11:15:16

Posts: 3

Helpful: 0

Solutions: 1

Stories: 0

Registered: 2019-10-06

Re:CA Certificate Warnings-Solution

2019-10-08 20:03:24 - last edited 2019-10-25 11:15:16

Kevin_Z wrote

@RocknRollTim

First of all, this site is secured, you do not have to worry about it. Reasons are listed as below:

The router can be accessed by http and port 80 by default, that is why it is detected as unsecured by some https websites. First, you can click continue to access it.

Or you can login to the web UI and go to advanced-system tools-administration page to enable local management via HTTPs.

May it help and have a good day.

Recommended Solution

Kevin_Z

2019-10-11 07:00:53 - last edited 2019-10-25 11:15:36

Posts: 17026

Helpful: 1627

Solutions: 1961

Stories: 17

Registered: 2018-12-24

Re:CA Certificate Warnings-Solution

2019-10-11 07:00:53 - last edited 2019-10-25 11:15:36

@RocknRollTim

Thanks for your reply.

There is a plan to add one mesh feature to Archer VR400 V2, so a new firmware is expected.

You can keep an eye on official website for the updates.

Good day.

Recommended Solution

RocknRollTim

LV1

2019-10-12 22:59:51

Posts: 3

Helpful: 0

Solutions: 1

Stories: 0

Registered: 2019-10-06

Re:CA Certificate Warnings

2019-10-12 22:59:51

@Kevin_Z

Thanks for letting me know, I will keep an eye out on the official website for the next firmware update.

Thank you for your help.

Many thanks,

RocknRollTim

Kevin_Z

2019-10-14 01:28:42

Posts: 17026

Helpful: 1627

Solutions: 1961

Stories: 17

Registered: 2018-12-24

Re:CA Certificate Warnings

2019-10-14 01:28:42

@RocknRollTim

Thanks for your reply, it is glad to help you.

You can wait for the updates.

And if need any further help, please let us know.

Good day.

CA Certificate Warnings

CA Certificate Warnings

Information

Voters 0

Tags