SOHO https:// login fails

Sparky5 · July 22, 2019, 10:34am

On a security recommendation, I attempted to configure my SOHO to accept an https login (http login works normally). One of the advanced network pages allows this option. The result is that both Firefox and IE fail with the error message the the certificate is for a different web site and the login will not proceed unless an exception is made.

Any ideas on which certificate would allow an https:// login?
Thank you,
Sparky5

Zach_Tangen · July 22, 2019, 11:56am

You can manage the certs on the SOHO from Advanced > Misc. Settings > Certificate Manager. The Web Admin SSL cert is the one that will need to be updated. If you’re managing the device using IC2 you can take advantage of Let’s Encrypt integration.

From the device level in IC2 click on Edit.

Scroll down to the Find My Peplink Service and enable it. More options will show up. By default the Peplink DNS record will be the [serial number].my.peplink.link. Check the Manage Web Admin SSL Cert box and save. This will generate a cert using Let’s Encrypt every 76 days and push it to your device.

Sparky5 · July 22, 2019, 2:45pm

Thanks. Generating a special certificate makes sense. I’m just an individual non-network user and don’t have IC2 running. Is this the only way to produce a valid certificate?

Regards,
Sparky5

aldwinaldwin · July 22, 2019, 6:15pm

You can first trust the certificate (see link). Then you can login into the Web Admin again. If you want, you could upload your own certificate under Advanced - Misc. Settings - Certificate Manager. When that works, the ‘invalid’ certificate can be removed from the trusted certificates in your browser.

Sparky5 · July 23, 2019, 6:33am

192.168.20.1 does nothing, because the http address of the router is one IP address in the 10.xxx range. Login is normal using this one http router IP address to access administration. Attempted https:// logins fail. Error returned by the browser says:

“The certificate is only valid for the following names: captive-portal.peplink.com, www.captive-portal.peplink.com Error code: SSL_ERROR_BAD_CERT_DOMAIN”
I appreciate knowing about InControl, but I have no use for cloud based router administration. I’m also confused about why Google should be used in any process related to the Peplink router?

Thanks,
Sparky5

Sparky5 · July 23, 2019, 6:39am

The latest suggestion is to generate my own certificate and upload it to the router. I can see the certificate manager in FireFox “Options” and it allows uploading certificates to its trusted list. I have no idea how to generate my personal security certificate. Not much to go on in the SOHO user’s manual.
Thanks!
Sparky5

aldwinaldwin · July 23, 2019, 7:18pm

A “SSL Certificate Provider” like Comodo, GoDaddy, GlobalSign, … can provide one. Or you can create a “Self Signed Certificate”, as can be found on this forum post:

That is not Google. It’s just a piece of Google Maps, that is used in InControl, that sneaked into the screenshot.