How to change the cert path encrypting router connection?

[Joe Joe]

Hi,

I have an ASUS TUF-AX6000.

I want to encrypt the connection from my PC to my router.

When I:

1. Go to Administration > System > Local Access Config
2. and go to: https://192.168.50.1:8443
3. Accept the risk and enter to my router, log in, and go to the same location
4. Download the certificate via the Export button
5. Unzip the cert and install it

It creates a cert to: "www.asusrouter.com", and the path to my router is: "https://192.168.50.1:8443".

How do I make the cert to the correct path which is the IP and not asusrouter.com?

Thanks!

Joe

 

[Tech9]

You can use asusrouter.com instead. It redirects to router's LAN IP anyway.

This encrypted connection to your router's GUI is not needed in home use environment.

 

[Joe Joe]

How so? When I go to asusrouter.com I get "We can’t connect to the server at www.asusrouter.com.". Do I need to set up a DNS or how does it work?

Thanks!

 

[ColinTaylor]

How so? When I go to asusrouter.com I get "We can’t connect to the server at www.asusrouter.com.".

Have you disabled HTTP access (Administration - System > Local Access Config)?

 

[Joe Joe]

Have you disabled HTTP access (Administration - System > Local Access Config)?

Nope. I bought the router recently and I have not had asusrouter.com or router.asus.com direct to the GUI or router. I also made a cert with Let's Encrypt using Asus.com, and the same story with myusername.asuscomm.com

 

[ColinTaylor]

It sounds like your PC is not using the router for DNS. Open a command prompt on your PC and post the entire output from these commands:

nslookup asusrouter.com
nslookup www.asusrouter.com

 

[Joe Joe]

PS C:\Users\Bruger> nslookup asusrouter.com
Server: UnKnown
Address: fc00:bbbb:bbbb:bb01::1

Name: asusrouter.com

PS C:\Users\Bruger> nslookup www.asusrouter.com
Server: UnKnown
Address: fc00:bbbb:bbbb:bb01::1

*** UnKnown can't find www.asusrouter.com: Non-existent domain
PS C:\Users\Bruger>

Thanks!

 

[Joe Joe]

On my PC with Win11 I have set DNS on my wifi to use open DNS. I just turned it off. No difference. Maybe I need to reconnect.

 

[Joe Joe]

Still not working

 

[ColinTaylor]

This appears to be a consequence of enabling IPv6 on the router.

Your redacted address (fc00:bbbb:bbbb:bb01::1) looks like it might be your router's IPv6 address. If so then I don't know whether it not being able to resolve local names is a bug or by design. Either way it's unlikely to be something you'll be able to fix, short of disabling IPv6.

So getting back to the original question. Why do you feel the need to use HTTPS on a LAN connection? Just use http://192.168.50.1

 

[rung]

If you use Asus DDNS, you can enter that address into your windows hosts file here: C:\Windows\System32\drivers\etc\hosts

For example, if you chose XXXXX as the HostName on the DDNS configuration page and choose a Let's Encrypt certificate, you could put this line in the hosts file:

192.168.50.1 XXXXX.asuscomm.com

Then when you enter the following url, there should be no error:
https://xxxxx.asuscomm.com:8443

 

[Tech9]

Still not working

Are you adding the port number as well? Like https://asusrouter.com:8443?

 

[Joe Joe]

Hi,

Thanks for all the answers!

The weird thing is, IPV6 is turned off.

I did what rung wrote and it works as a charm -super good- thanks!

I have a neighbor trying to hack me all the time, so I just want to be super safe, that's why.

Thanks again!

 

[L&LD]

How do you know it's a neighbor?

That is what the police are for (if you have that info).