The certificate that has been embedded with the firmware has a mismatched SAN DNS list that is going to throw security errors in every modern browser, and will not work correctly. Security workarounds are not acceptable for devices not just marketed as routers, but also as security devices with subscriptions.

Ideally the DNS entry (tplinkwifi.net) and certificate should have functional default values, but at the price point of the BE9300 should also be user configurable and maintainable.

3 Reply

Sunshine

2023-12-25 09:50:41

Posts: 6511

Helpful: 1003

Solutions: 671

Stories: 0

Registered: 2018-12-17

Re:HTTPS cert for tplinkwifi.net needs tplinkwifi.net listed in the SAN

2023-12-25 09:50:41

@ndotb

Hi, may I have a screenshot of the security errors you encountered when accessing the web interface via https?

If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.

Rch11

LV1

2024-01-15 04:16:29

Posts: 16

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2024-01-15

Re:HTTPS cert for tplinkwifi.net needs tplinkwifi.net listed in the SAN

2024-01-15 04:16:29

Ideally you should be able to use local ip address without constant attempts to redirect to tplinkwifi.net. DNS isn't very secure by design and opens unnecessary attack vector.

Rch11

LV1

2024-01-15 04:20:50

Posts: 16

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2024-01-15

Re:HTTPS cert for tplinkwifi.net needs tplinkwifi.net listed in the SAN

2024-01-15 04:20:50

@Sunshine 4ba79db65b45481b8e822e53fbc88743

ndotb

LV1

2023-12-25 02:10:44

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-12-24

Information

Helpful: 0

Replies: 3

HTTPS cert for tplinkwifi.net needs tplinkwifi.net listed in the SAN

HTTPS cert for tplinkwifi.net needs tplinkwifi.net listed in the SAN

Information

Voters 0

Tags