Reply
Highlighted
Posts: 22
Registered: ‎11-19-2008

WRT54G ver 5 - HTTPS Access

[ Edited ]

First, I configured the WRT54G router for secure access (Administration > Web Access).  I enabled only HTTPS.  At some point, the user interface apparently launched a "wizard" which proceeded to create a "certificate". 

 

When I subsequently tried to access the router by using  https://192.168.1.1  Firefox 3.0.4 reported:

 

192.168.1.1 uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is only valid for <a id="cert_domain_link" title="Linksys">Linksys</a>
(Error code: sec_error_ca_cert_invalid)

 

I can understand that the certificate would be invalid because it is "self-signed" (which probably means that Linksys issued the certificate to itself, i.e., to one of its own devices), but I do not understand the part after "The certificate is only valid for ... " 

 

The bottom line is that Firefox will not display the log-on dialog and will not allow me to access the router.  The error message that is displayed by Internet Explorer 7 is rather vague and cryptic, and it also will not allow me to access the router.  

 

Firefox does not show a record of a certificate for any Linksys device, or for any firm except Verisign, in the certificates which are apparently available to it, i.e., one to send when a server asks for it.

 

What must I do to obtain a valid SSL Certificate for the Linkys WRT54G router??   Secure access is essential for remote administration.

 

According to Linksys, the most recent revision of the WRT54G firmware is installed.

 

By the way, it seems odd to me that I must enter a password to access the router, but there is no function to "log-out" once I've completed the tasks!  Does that leave the router's configuration page open to access without the password??

 

--- Stardance

 



Stardance

nil carborundum illegitimi!
Posts: 2,829
Registered: ‎09-07-2006

Re: WRT54G ver 5 - HTTPS Access

Once you close the setup page, it logout's you automatically and everytime you try to access the setup page you need to authenticate yourself.
Posts: 22
Registered: ‎11-19-2008

Re: WRT54G ver 5 - HTTPS Access

Can you answer the REAL question: 

 

What must I do to obtain a valid SSL Certificate for the Linkys WRT54G router??  

 

Your first reply is not a "solution" to the matter, only a response to a question that I probably should not have asked at all.

 



Stardance

nil carborundum illegitimi!
Posts: 22
Registered: ‎11-19-2008

Re: WRT54G ver 5 - HTTPS Access

"Once you close the setup page, it logout's you automatically and everytime you try to access the setup page you need to authenticate yourself."

 

What do you mean by "close the setup page"??  I have never seen any feature of the router configuration UI which allows me to "log-out" or to "close the setup page".

 

For what it is worth to you:  (1) if I am looking at the user interface -- "configuration page" -- for the router, and (2) I "depart", for example, by telling Firefox to fetch the "home page", (3) then use the "Back" button to "return" to the router's UI, that action is not intercepted by a dialog that requires a password.  From the Firefox "history list" I can even select the specific display of the router's configuration that was most recently displayed, and "return" to it without any challenge. 

 

Whether these page(s) are fetched fresh or from the cache, I don't know, but I think that Firefox is configured to fetch them fresh.  For one thing, if I use the "Save Changes" button on a part of the page, then the displayed configuration is, in fact, effected.

 

If I can take the sequence of actions starting with "(2)" above, so can anyone else who has access to the network to which the router is connected -- especially when it is connected with the HTTP. 

 

Sometimes I wonder what happens when someone enters 192.168.1.1 into the location field of their browser when the Ethernet NIC on their computer is connected directly to a cable broadband modem, or to an ADSL modem, or their computer is connected via an old-fashioned "dial-up" modem.

 

--- Stardance

 



Stardance

nil carborundum illegitimi!
Posts: 4
Registered: ‎10-08-2010

Re: WRT54G ver 5 - HTTPS Access

I'm having the same problem. Just bought an E3000 and enabled HTTPS access through the Administration > Management tab under the section labeled: Local Management Access. I removed the checkmark from HTTP and placed a checkmark in HTTPS. Now I can't access the router page due to the following error: 

192.168.1.1 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for <a id="cert_domain_link" title="Linksys">Linksys</a>
(Error code: sec_error_ca_cert_invalid)

So now I appear to be locked out of the router because when I try accessing the page I get:

Firefox can't establish a connection to the server at 192.168.1.1.

I attempted to resolve it by deleting the corrupt cert as described here but I don't see any certificates listed under Cisco or Linksys to delete. I am also not getting the option to "Add an exception." Any suggestions besides using IE, since I don't have access to a Windows machine?

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: WRT54G ver 5 - HTTPS Access

Could you please post a screenshot of the error window?

There should be a "I Understand the Risks" at the bottom which you can open by clicking on it. There should be the add exception button.
Posts: 4
Registered: ‎10-08-2010

Re: WRT54G ver 5 - HTTPS Access

 

There may have been an option on the first window that came up asking me to ignore or add an exception, but I am not in the habit of clicking OK on those. But I don't know how to get that window to come back up.

Posts: 4
Registered: ‎10-08-2010

SOLVED: WRT54G ver 5 - HTTPS Access

I was able to resolve this by manually creating an entry under Firefox > Preferences > Advanced > Encryption > View Certificates > Servers > Add Exception..., then enter the address of your router, including the S (mine is: HTTPS://192.168.1.1), then click Get Certificate > Confirm Security Exception. This is the resulting entry:

 

You should no longer be prompted to add an exception, nor be prevented from doing so, as I experienced.

HTH,

Mike

Posts: 4
Registered: ‎10-08-2010

certificate hell! E3000 - HTTPS Access

It was working as expected until I happened to reboot the router. Now an error states that the certificate has expired:

 

==

192.168.1.1 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for <a id="cert_domain_link" title="Linksys">Linksys</a>
The certificate expired on 12/31/1970 06:00 PM.

(Error code: sec_error_expired_issuer_certificate)

==


I repeated the above process by deleting the certificate exception I had previously added then added another one. This one was fraught with errors!:

 

 

It is working again (for now...) I thought I had a general understanding about how HTTPS and browser certs worked, but this experience has taught me otherwise!

Posts: 88
Registered: ‎05-11-2007

Re: certificate hell! E3000 - HTTPS Access

I'm getting this one (WRT54G Firmware v1.02.8)Firmware Version: v1.02.8:

 

Secure Connection Failed

An error occurred during a connection to 192.168.x.x.

You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)

 

In Firefox I had to remove the cert and the authority (Cisco-Linksys LLC) and override the warning and reimport the authority.

Safari allowed me to simply override the warning by clicking "Continue".

All in all, it's not exactly trust-instilling. I was going to make my router HTTPS only, but now I'm afraid it will lock me out again with that broken cert.