No.....but thanks for the feedback that it's working OK for you. It may be unique to my fork which doesn't use the token based authentication of the newer levels.Any more info about it? Working fine here...
Same here, http works but https doesn't work.No.....but thanks for the feedback that it's working OK for you. It may be unique to my fork which doesn't use the token based authentication of the newer levels.
Found one possibility to investigate.....
Certs invalid on Chrome 58 due to CN Deprecation
David Mar 22, 2017 04:23PM UTC
TL;DR: Chrome 58 only looks at the SAN in a cert for validating hostnames and not the CN. Please add a SAN for the hostname when generating the cert.
In 2000, RFC 2818 (https://tools.ietf.org/html/rfc2818) "deprecated" checking CN in favor of using SAN. 17 years later, browsers are actually doing so, with Chrome 58 and Firefox 48: https://www.chromestatus.com/features/4981025180483584
There's some SSL weirdness going on with the Chrome 58 builds.... had to do with TLS 1.2 and TLS 1.3...
Same here, http works but https doesn't work.
FW version?
I updated Asuswrt's SSL code a few years ago to add support for TLS 1.0 through 1.2 (and remove legacy SSL support). I was actually recently debating whether or not to ditch 1.0 and 1.1 support in httpd, then feared it might break Asus's mobile application and put that plan on hold for the time being. And figured that for a LAN-only service, 1.0/1.1 were good enough, if I wanted to avoid the risk of breaking third party apps.
380.66_alpha4FW version?
380.66_alpha4
So far it also seems to work fine for me using 380.66 Alpha 4.
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, CN=ASUS Self-Signed Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d7:96:81:6f:09:45:d9:66:a6:82:cc:81:db:6b:
....
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:router.asus.com, DNS:asusrouter.com, IP Address:192.168.1.1
Signature Algorithm: sha256WithRSAEncryption
3b:93:4a:46:35:38:4f:32:5a:07:97:74:5a:31:9a:ca:1b:fb:
....
I've gotten at least part of the way there (though google still doesn't recognize the final cert as having a SAN )
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!