Posted: Tue Aug 01, 2023 1:36 Post subject: Win11 Edge browsers indicated dd_wrt certificate invalid
Running into a problem where Microsoft-built browsers (Edge) and Chrome on Win 11 are not getting past our dd_wrt router. Supposedly, going forward this will be the case for all browsers. So far, no issues from Linux or mobile browsers reaching our valid HTTPS site behind the dd_wrt router. HTTPS is port forwarded to the internal location and has been working fine.
Attached is a screenshot from Edge showing the certificate status.
It seems that this may be the reason:
Quote:
Changes to Microsoft Edge browser TLS server certificate verification
I see no mechanism to update or replace the dd_wrt (ver 3.0 build 44715) with an authoritative certificate. Apparently, self published certificates will also be invalid.
So 2 questions:
1) have others encountered this and if so
2) how did you solve the problem, short of exposing the server to the world?
[Edit]
0) Why would request stop at the router and not be passed straight through?
[Attachment: Win11 DD_WRT Certificate Status.png. Description: Edge certificate viewer showing results when accessing our https site.]
Posted: Tue Aug 01, 2023 4:33 Post subject: Win11 Edge browsers indicated dd_wrt certificate invalid
Partially Solved.
Win 11 Edge and Chrome requests, whether http or https, seemed to be going to the dd_wrt gui.
I port forwarded port 80->443 and disabled dd_wrt gui port 80 access.
Problem solved, sort of.
I'm still confused why this happened in the first place and wasn't seen when testing on other platforms and their browsers. Maybe not broad enough testing. And the invalid certificate issue remains.
It's a self-signed certificate, of course it's going to throw an error in your browser. This has been discussed in the forum before... accept risk and continue or go through the process of acquiring your own personal certificate from proper signing authority to import / use...
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Wed Aug 02, 2023 14:24 Post subject:
dale_gribble39 wrote:
It's a self-signed certificate, of course it's going to throw an error in your browser. This has been discussed in the forum before... accept risk and continue or go through the process of acquiring your own personal certificate from proper signing authority to import / use...
For Firefox, just use Private Window! I don't use Edge or Chrome.
_________________
Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
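As an added example that is not part of the original thread: a standard-library Python check that reads the issuer and subject out of whatever certificate answers on a port and reports whether they match, which is the usual shape of a self-signed certificate and helps tell a router GUI apart from a forwarded server. All function names and the sample hostnames are hypothetical; `fake_cert` builds constructed skeletons with no real key or signature so the check runs offline.

```python
import ssl

def tlv(tag, body):
    """DER-encode one element, using the long length form when needed."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read(der, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + k], "big"), pos + k
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Names of an X.509 certificate."""
    _, pos, _ = read(der, 0)      # outer Certificate SEQUENCE
    _, pos, _ = read(der, pos)    # TBSCertificate SEQUENCE
    fields = []                   # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read(der, pos)
        if tag != 0xA0:           # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def is_self_issued(der):
    """True when issuer == subject, the usual shape of a self-signed cert."""
    issuer, subject = issuer_and_subject(der)
    return issuer == subject

def served_cert(host, port=443):
    """Fetch whatever certificate answers on host:port, without validating it."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def fake_cert(issuer_cn, subject_cn):
    """Constructed skeleton with X.509 field order; no real key or signature."""
    def name(cn):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn) + tlv(0x30, b""))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

Against a live endpoint, `is_self_issued(served_cert(host, 443))` gives the same answer for the certificate actually being served. Matching issuer and subject shows the certificate is self-issued; it does not verify the signature or any chain.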
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Wed Aug 02, 2023 14:31 Post subject: Re: Win11 Edge browsers indicated dd_wrt certificate invalid
mheieis wrote:
I see no mechanism to update or replace the dd_wrt (ver 3.0 build 44715) with an authoritative certificate. Apparently, self published certificates will also be invalid.
Are you talking about Lighttpd? You can get your own non-self-signed certificate. Let's Encrypt offers *FREE* signed SSL certificates for personal websites.
The same can apply to DD-WRT's WEBUI??? I dunno whether WEBUI's httpd could handle a foreign SSL cert...
Hi, I have a trusted certificate and I'd like to install it on the router so I can access the web interface securely over the Internet (and I don't have local admin rights on all my systems to install the certificate as root). None of the forum threads I found mentioned any way to do it. I found /etc/cert.pem, host.pem and key.pem in the file system, but they're read-only. I tried using the firmware-mod-kit program mentioned in the Development wiki page, but I got an error:
Quote:
/usr/bin/env: ‘python’: No such file or directory
sort: cannot read: /home/ekaye/firmware-mod-kit/wkdir2/logs/binwalk.log: No such file or directory
Extracting 0 bytes of header image at offset 0
ERROR: No supported file system found! Aborting...
And anyway, it looks pretty risky. Is there any way to replace the certificate, or is it built into the firmware?
This thread isn't about the dd-wrt website, whatsoever, it's about the firmware webUI https certificate.