the website sent back unusual and incorrect credentials.

[bertilak]

Today I could no longer log into the RT-AC86U Asus router, using Merlin, of course. I started with Merlin 386.9 but upgrading to 386.10 did not help. I restarted my laptop but that didn't resolve the issue.

I get the expected error "Your connection isn't private ..." I am used to that and simply go to advanced which allows me to log in, but this time it did not work. Instead, I get:

192.168.1.1 uses encryption to protect your information. When Microsoft Edge tried to connect to 192.168.1.1 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 192.168.1.1, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.

You can't visit 192.168.1.1 right now because the website sent scrambled credentials that Microsoft Edge can't process. Network errors and attacks are usually temporary, so this page will probably work later.

This is with either Microsoft Edge or Chrome. With Firefox, all is well.

Wild Guess: I wonder if my trial use of Aura Identity Guard (now disabled and Laptop rebooted) may have messed something up.

Please help.

 

[RMerlin]

The message is very vague, my best guess as to what they mean by "credentials" would be you are connecting to 192.168.1.1, but the certificate uses a CN of router.asus.com, and your browser might be configured to block you rather than allow you to bypass that.

I'm sure it must be configurable somewhere, but I very rarely use Edge myself so I wouldn't know. Maybe check that you don't have some security extension enabled in Edge that might be generating that message.

 

[bertilak]

The message is very vague, my best guess as to what they mean by "credentials" would be you are connecting to 192.168.1.1, but the certificate uses a CN of router.asus.com, and your browser might be configured to block you rather than allow you to bypass that.

I'm sure it must be configurable somewhere, but I very rarely use Edge myself so I wouldn't know. Maybe check that you don't have some security extension enabled in Edge that might be generating that message.

Well, I guess that's it. I put router.asus.com in the address bar (instead of 192.168.1.1) and it worked!

 

[storkinsj]

NET::ERR_CERT_INVALID website sent scrambled credentials Self-signed Certificate - Google Chrome Community

 

[bertilak]

NET::ERR_CERT_INVALID website sent scrambled credentials Self-signed Certificate - Google Chrome Community

Somewhere in that old thread someone said there should be a simple way around this. Well, there was, but it no longer works. Click on Advanced then click on the thing that says, basically, "I don't care, bring up the web page anyway." Well, that stopped working and is why I posted my question.

The solution I mentioned just above, suggested by RMerlin, avoids the problem completely and I no longer have to go through the "Advanced -> do it anyway" rigamarole. It just works like it should.

 

[sfx2000]

The message is very vague, my best guess as to what they mean by "credentials" would be you are connecting to 192.168.1.1, but the certificate uses a CN of router.asus.com, and your browser might be configured to block you rather than allow you to bypass that.

Chrome (and as a result, Edge) - getting much more strict on certs these days...

The Chrome Certificate Verifier will apply standard processing to include checking:

• the certificate's key usage and extended key usage are consistent with TLS use-cases.
• the certificate validity period is not in the past or future.
• key sizes and algorithms are of known and acceptable quality.
• whether mismatched or unknown signature algorithms are included.
• that the certificate does not chain to or through a blocked CA.
• conformance with RFC 5280.

One thing that can help - https://crt.sh/lintcert

More here...

Frequently Asked Questions

 

[Foe4415]

I have a self installed certificate to avoid the "your connection isn't private" message. But yesterday I started getting this issue too, where it gives me that message (even though I have a certificate installed) but doesn't let me ignore it and proceed.

I suspect chrome/edge did an update that is more strict on self installed certificates. So I deleted the certificate, and now when I get that message, it at least lets me ignore it and proceed if I want to.

 

[TomMe]

I have a self installed certificate to avoid the "your connection isn't private" message. But yesterday I started getting this issue too, where it gives me that message (even though I have a certificate installed) but doesn't let me ignore it and proceed.

I suspect chrome/edge did an update that is more strict on self installed certificates. So I deleted the certificate, and now when I get that message, it at least lets me ignore it and proceed if I want to.

I was having the problem also since last week, but today there was a web page that Edge had been updated and now the certificate works again. I'm sure it will continue to get broken and fixed again