[solved] Err_cert_authority_invalid

lleachii · December 1, 2018, 6:43pm

CORRECT!

That is not the wildcard the OpenWrt device refers to. You can install a cert for a domain you purchased (or used Let's Encrypt for).

Please explain any vulnerability now. I am truly interested.

arjuniet · December 1, 2018, 6:46pm

i am really not getting now what you want to know. I cant explain you dude , if you have any specific doubt tell me frankly i ll try to help

you got to know now what i was trying to explain ?

lleachii · December 1, 2018, 6:47pm

The Router generates a Cert for this (you cannot legally buy one):

arjuniet · December 1, 2018, 6:49pm

dude why you reached root name servers ?? i never talked about it

i am talking about ROOT CA

lleachii · December 1, 2018, 6:51pm

Please re-read.

arjuniet · December 1, 2018, 6:52pm

yes whats wrong in it?

arjuniet · December 1, 2018, 6:53pm

this ? i think

lleachii · December 1, 2018, 6:54pm

The router is "root of trust" (as its configs and is configuration consoles are concerned).

arjuniet · December 1, 2018, 6:58pm

leave it dude . you dont seems to accept anything that i am saying so please let it go .

lleachii · December 1, 2018, 6:59pm

From: https://arstechnica.com/information-technology/2017/07/google-drops-the-boom-on-wosign-startcom-certs-for-good/

One bug allowed someone with control of a subdomain to claim control of the whole root domain for certificates.

Do you understand now?

arjuniet · December 1, 2018, 7:02pm

dude you know nothing about ssl/tls or crypto .. thats it .. accept this truth ..i wont reply you now on this

bye tc

lleachii · December 1, 2018, 7:07pm

Then...I leave everyone else to think...

Again...

To implement any of @arjuniet's suggestions, you still need to purchase a domain, DDNS, etc... until @arjuniet posts about Let's Encrypt on OpenWrt.

arjuniet · December 1, 2018, 7:10pm

I gave it a thought . I think the conflict is because i am having a impression of not just the home users , but more about the public wifi hotspots as that is my field of experience

To end up this thread with some positive experience let me tell you some of the use cases where its better to have a Trusted ROOT CA signed certificate ( by trusted mean trusted by your client device not by ARJUN )

**

lleachii · December 1, 2018, 7:32pm

And don't register a cert for the router on LAN. Per @arjuniet, a malicious CA can just issue another to a 3rd party to take over your network, or man-in-the-middle your Layer 7 interface.

arjuniet · December 2, 2018, 5:58am

I will never let you guide people out here with your outdated approaches and i wont clapped on your solution just by seeing your badges . this topic will go till i show everyone what you are doing

richb-hanover-priv · December 2, 2018, 5:25pm

Closing this topic. The solution is, as noted, when you install the luci-ssl package, you can either trust that it's the same router (and accept the self-signed certificate) or install a publicly-signed certificate. See this post: [solved] Err_cert_authority_invalid