[Micronet] Linksys Router Root CA not trusted

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Linksys Router Root CA not trusted

Mike Friedman
Hi,

I've got a WRT54G2(*) linksys router here at home.  As recently as last month, I had no trouble connecting to the admin URL, which is a link local address on my Wi-Fi LAN.  I have the router configured to allow administration only via https and I don't allow remote administration at all.  Now I find that I can't connect because the linksys root CA is not trusted.  Firefox tells me very little about what's going on, but Chrome does allow me to view the host cert.  Apparently the latter expires next February, but it's the root CA that is not trusted.  Can anyone think of a reason that, in the past month, the linksys root CA should suddenly not be trusted, either by Firefox, Chrome or IE?

I'm not too worried, because I can use http instead.  Since I don't allow access from outside my WiF-Fi network (which is highly restricted), this should not be terribly insecure.

BTW, it's unfortunate that Firefox (33.0.1) won't even allow me to bypass the cert warning to connect anyway.  Fortunately, I was able to get in via Chrome ("unsafely") in order to change the router config to allow http access.

Any ideas?

Thanks.

Mike

(*) This is V1 of the firmware.
-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Linksys Router Root CA not trusted

Graham Patterson
It may be due to a phasing out of 1024 bit SSL CA certificates:

https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/

Embedded systems are likely to be casualties of this as they get older.


Graham

On 10/25/2014 11:46 AM, Mike Friedman wrote:

> Hi,
>
> I've got a WRT54G2(*) linksys router here at home.  As recently as last
> month, I had no trouble connecting to the admin URL, which is a link
> local address on my Wi-Fi LAN.  I have the router configured to allow
> administration /only/ via https and I don't allow remote administration
> at all.  Now I find that I can't connect because the linksys root CA is
> not trusted.  Firefox tells me very little about what's going on, but
> Chrome does allow me to view the host cert. Apparently the latter
> expires next February, but it's the /root CA/ that is not trusted.  Can
> anyone think of a reason that, in the past month, the linksys root CA
> should suddenly not be trusted, either by Firefox, Chrome or IE?
>
> I'm not too worried, because I can use http instead.  Since I don't
> allow access from outside my WiF-Fi network (which is highly
> restricted), this should not be terribly insecure.
>
> BTW, it's unfortunate that Firefox (33.0.1) won't even allow me to
> bypass the cert warning to connect anyway.  Fortunately, I was able to
> get in via Chrome ("unsafely") in order to change the router config to
> allow http access.
>
> Any ideas?
>
> Thanks.
>
> Mike
>
> (*) This is V1 of the firmware.
>
> --
> Mike Friedman
> [hidden email]
> http://mikefberkeley.com
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>

--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon,
the mathematical puzzles, and the meteorite..." - directions to my office.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.