CA Certificate Warnings
Hi all,
Hope you can help. I am trying to rectify a few certificate warnings for the router login page in both Windows 10 1903 with FireFox 69.0.2 and in IOS 13.1.2 with Chrome 77.0.3865.103, Edge 44.8.7 and FireFox 19.1 (16203). I have rectified the certificate warnings for the latest versions of Chrome, Edge and Internet Explorer in Windows 10 as well as the latest version of Safari in IOS 13 but not for the web browsers as stated above. Below are the warnings I get in each web browser.
FireFox 69.0.2 - Connection is Not Sure - This page uses weak encryption
Chrome 77.0.3865.103 - Your connection is not private - NET::ERR_CERT_AUTHORITY_INVALID
Edge 44.8.7 - This site is not secure - I have to tap Continue twice in order to get to router login page.
FireFox 19.1 (16203) - This Connection Is Untrusted
I have read that the certificate warnings for FireFox are due to the fact that TLS 1.0, 1.1 and 1.2 are enabled and need to be replaced with TLS 1.3 in order to rectify these warnings. I know how to change them on the browser end for FireFox in Windows but I wanted to ask whether there was anyway of enabling TLS 1.3 on the router level rather on the browser level as I can't change this behavior for Chrome, Edge and FireFox in IOS. If so, how I do I go about doing it? If not, will I need to wait until a firmware update becomes available in order to enable TLS 1.3 on the router level.
Your help would be much appreciated.
Kind regards,
RocknRollTim
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Kevin_Z I enabled local management using HTTPS via the web UI before diagnosing the certificate warnings. I enabled local management using HTTPS in order to mitigate against numerous attacks such as man-in-the-middle as read from numerous sources on the Internet.
I overcame the certificate warnings for Chrome, Edge and Internet Explorer in Windows 10 by adding the certificate to the Trusted Root Certification Authorities store, the same was achieved for Safari in IOS 13, again using several sources on the Internet.
I also read on the Internet that FireFox for Windows no longer uses the Trusted Root Certification Authorities store and uses its own certificate store on a per user basis by default which I do not why Mozilla decided upon this decision, however this behaviour can be overridden by amending the configuration file by accessing about:config and changing the value for security.enterprise_roots.enabled to true in order to use the Trusted Root Certification Authorities store which I did. FireFox in Windows complains that the connection is not sure and that the page uses weak encryption which I cannot amend from the server end i.e. the router in this scenario as the options to change the encryption protocol for the certificate are not available via the web UI.
I have had no problems in diagnosing the certificate warnings in Android 6.0.1 for the latest versions of Chrome, Edge and FireFox using the Trusted Root Certification Authorities store, however with IOS 13, Chrome, Edge and FireFox all give certificate warnings similar to FireFox in Windows, again all the latest versions.
I wanted to diagnose these certificate warnings as I am a person who likes to follow best security practices. If it’s just a case that I cannot fully resolve these certificate warnings and have to wait for TP-Link to release a new firmware update then I guess I will have to perceive for now.
Kevin_Z wrote
First of all, this site is secured, you do not have to worry about it. Reasons are listed as below:
The router can be accessed by http and port 80 by default, that is why it is detected as unsecured by some https websites. First, you can click continue to access it.
Or you can login to the web UI and go to advanced-system tools-administration page to enable local management via HTTPs.
May it help and have a good day.
- Copy Link
- Report Inappropriate Content
Thanks for your reply.
There is a plan to add one mesh feature to Archer VR400 V2, so a new firmware is expected.
You can keep an eye on official website for the updates.
Good day.
- Copy Link
- Report Inappropriate Content
First of all, this site is secured, you do not have to worry about it. Reasons are listed as below:
The router can be accessed by http and port 80 by default, that is why it is detected as unsecured by some https websites. First, you can click continue to access it.
Or you can login to the web UI and go to advanced-system tools-administration page to enable local management via HTTPs.
May it help and have a good day.
- Copy Link
- Report Inappropriate Content
@Kevin_Z I enabled local management using HTTPS via the web UI before diagnosing the certificate warnings. I enabled local management using HTTPS in order to mitigate against numerous attacks such as man-in-the-middle as read from numerous sources on the Internet.
I overcame the certificate warnings for Chrome, Edge and Internet Explorer in Windows 10 by adding the certificate to the Trusted Root Certification Authorities store, the same was achieved for Safari in IOS 13, again using several sources on the Internet.
I also read on the Internet that FireFox for Windows no longer uses the Trusted Root Certification Authorities store and uses its own certificate store on a per user basis by default which I do not why Mozilla decided upon this decision, however this behaviour can be overridden by amending the configuration file by accessing about:config and changing the value for security.enterprise_roots.enabled to true in order to use the Trusted Root Certification Authorities store which I did. FireFox in Windows complains that the connection is not sure and that the page uses weak encryption which I cannot amend from the server end i.e. the router in this scenario as the options to change the encryption protocol for the certificate are not available via the web UI.
I have had no problems in diagnosing the certificate warnings in Android 6.0.1 for the latest versions of Chrome, Edge and FireFox using the Trusted Root Certification Authorities store, however with IOS 13, Chrome, Edge and FireFox all give certificate warnings similar to FireFox in Windows, again all the latest versions.
I wanted to diagnose these certificate warnings as I am a person who likes to follow best security practices. If it’s just a case that I cannot fully resolve these certificate warnings and have to wait for TP-Link to release a new firmware update then I guess I will have to perceive for now.
Kevin_Z wrote
First of all, this site is secured, you do not have to worry about it. Reasons are listed as below:
The router can be accessed by http and port 80 by default, that is why it is detected as unsecured by some https websites. First, you can click continue to access it.
Or you can login to the web UI and go to advanced-system tools-administration page to enable local management via HTTPs.
May it help and have a good day.
- Copy Link
- Report Inappropriate Content
Thanks for your reply.
There is a plan to add one mesh feature to Archer VR400 V2, so a new firmware is expected.
You can keep an eye on official website for the updates.
Good day.
- Copy Link
- Report Inappropriate Content
Thanks for letting me know, I will keep an eye out on the official website for the next firmware update.
Thank you for your help.
Many thanks,
RocknRollTim
- Copy Link
- Report Inappropriate Content
Thanks for your reply, it is glad to help you.
You can wait for the updates.
And if need any further help, please let us know.
Good day.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2284
Replies: 5
Voters 0
No one has voted for it yet.