https/ssl not working for OC-200. Certificate Invalid

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-05-12 15:28:51
Model: OC200  
Hardware Version: V1
Firmware Version: 1.2.2 Build 20200424 Rel.58128
Controller Version: 3.2.11

 

For the past several weeks (prior to, and with the current version of OC-200 Firmware -- released today), my browser (Chrome) is refusing to encrypt my connection to the OC-200.  It claims that the encryption certificate is invalid (though the expiration date is fine).

Since my OC-200 is on a private intranet I'm not overly concerned.  But, I would hope that the connection to the Omada cloud is secure/encrypted.

 

Thoughts?

 

-Jonathan

 

#1
Re:https/ssl not working for OC-200. Certificate Invalid
2020-05-13 00:57:26

@JSchnee21 

 

JSchnee21 wrote

 

For the past several weeks (prior to, and with the current version of OC-200 Firmware -- released today), my browser (Chrome) is refusing to encrypt my connection to the OC-200.  It claims that the encryption certificate is invalid (though the expiration date is fine).

Since my OC-200 is on a private intranet I'm not overly concerned.  But, I would hope that the connection to the Omada cloud is secure/encrypted.

 

Thoughts?

 

-Jonathan

 

 

The OC200 supports TLS 1.2; you will always use HTTPS to access its management page, so it is encrypted and secure. As for the certificate information, it may be because the OC200 uses a private certificate. It's OK to use; you can just trust it.

#2
Re:https/ssl not working for OC-200. Certificate Invalid
2020-05-13 02:21:46 - last edited 2020-05-13 02:23:41

OC200 uses a self-signed certificate. Seems that it somehow got deleted from the list of trusted certificates on your PC (if it was installed before at all).

 

Just install the certificate as the message says. Usually it does so automatically if you insist on connecting to the OC200 in Chrome.

If this doesn't help, maybe a newer Chrome version refuses to accept the cipher the certificate is using (which should not be dictated by Chrome at all, but Google wants to force people to use strong ciphers and probably the latest Chrome doesn't accept TLS 1.2 anymore).

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#3
Re:https/ssl not working for OC-200. Certificate Invalid
2020-05-13 19:30:11

What's really strange is that if I go to Omada cloud first, and then connect into my OC200, it's fine.  But if I go direct to the IP address of the OC200 on my LAN, then I get the issue.

#4
Re:https/ssl not working for OC-200. Certificate Invalid
2020-05-13 19:53:52 - last edited 2020-05-13 19:58:46

@JSchnee21, the cloud works just as a proxy and uses a certificate from DigiCert Global CA, which is a known CA to your browser.

If you store the self-signed certificate in your trust chain, it becomes known to the browser, too, and the browser will behave as it does with a certificate signed by a known CA such as DigiCert.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#5
Re:https/ssl not working for OC-200. Certificate Invalid
2020-05-22 08:27:17

As everyone has said, it's just a self-signed certificate.

There is no point installing it in your computer certificate store, as it is issued to localhost, which will never be the name of the device you connect to.

TP-Link aren't interested in letting you install your own.

Which for a business appliance is quite disappointing.

If I had my time again, I would have just used the software controller.

At least there is a painful workaround to installing your own certificate in that.

#6
Re:https/ssl not working for OC-200. Certificate Invalid
2020-05-23 09:23:15 - last edited 2020-05-23 09:33:53

 

doxxie-au wrote

As everyone has said, it's just a self-signed certificate.

There is no point installing it in your computer certificate store, as it is issued to localhost, which will never be the name of the device you connect to.

 

The certificate has been issued for localhost, that's correct.

 

However, installing the cert in the computer's certificate store allows you to connect to the OC200 using its self-signed certificate without the browser's annoying security warning. Whether the Common Name of the certificate is to be matched against the hostname used to access the OC200 can be specified by the trust level for SSL/TLS connections, too:

 

 

 

BTW: In the upcoming Omada SDN Controller you can indeed upload your own self-signed or official certificate to OC200.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#7
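
The two checks debated in posts #6 and #7, chain trust and name matching, shown separately as an added example that is not part of the original thread. It builds a throwaway self-signed certificate with CN=localhost (constructed here, not the OC200's own certificate), assumes OpenSSL 1.1.1 or later, and uses 192.0.2.10 as a placeholder LAN address.

```shell
#!/bin/sh
# Added example. Assumes OpenSSL 1.1.1 or later on PATH.
# The certificate is constructed here to mimic one "issued to localhost";
# it is not the OC200's own certificate.

make_cert() {  # $1 = work directory; writes cert.pem and key.pem there
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = localhost
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$1/req.cnf" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Check 1, chain trust: does the certificate verify against the trust store?
# $1 = certificate, $2 = PEM trust store (omit for the system default).
trusted() {
    if [ -n "${2:-}" ]; then openssl verify -CAfile "$2" "$1"
    else openssl verify "$1"; fi >/dev/null 2>&1
}

# Check 2, name match: with the certificate trusted, does it cover the name
# typed into the address bar? $1 = certificate, $2 = host name or IPv4 literal.
name_ok() {
    case "$2" in
        *[!0-9.]*) flag=-verify_hostname ;;
        *)         flag=-verify_ip ;;
    esac
    openssl verify -CAfile "$1" "$flag" "$2" "$1" >/dev/null 2>&1
}

report() { if "$@"; then echo "pass: $*"; else echo "FAIL: $*"; fi; }

demo() {
    dir=$(mktemp -d) && make_cert "$dir" || return 1
    cert="$dir/cert.pem"
    report trusted "$cert"              # FAIL: self-signed, not in any store
    report trusted "$cert" "$cert"      # pass: after importing it as trusted
    report name_ok "$cert" localhost    # pass: matches the CN
    report name_ok "$cert" 192.0.2.10   # FAIL: constructed LAN IP, not in cert
    rm -rf "$dir"
}
demo
```

OpenSSL falls back to the Common Name when the certificate has no subjectAltName; Chrome (since version 58) matches names against subjectAltName only, so a browser can be stricter than this check.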