dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
756
share rss forum feed


Bluefish
Premium
join:2010-02-23

USG20W Reassign DMZ Interface? And Certificate Error? Noob!

I am new to this router (and small business router setup in general) and have read many posts and looked in the User Guide but still can't figure out a couple of things ...

1. Can I reassign the DMZ Port P5 Interface to Lan3? I don't need a DMZ.

2. I followed the instructions below from Gork and am still getting the certificate security error in both IE9 and Chrome (even after clearing browser cache) when trying to log into the router's web interface. I created the Cert with the following info:

Name: 192.168.1.1
Host IP Address: 192.168.1.1
Key Type: RSA
Key Length: 2048

Please help, what am I doing wrong? TIA

GORK'S INSTRUCTIONS: CERTIFICATE ERROR (in the browser)

Configuration -> Object -> Certificate; create new cert. w/ path to GUI (192.168.1.1 by default)

Click on the new certificate and choose to edit, then "Export Certificate Only"

Configuration -> System -> WWW; select the new certificate from the drop down box

Windows + R; certmgr.msc; Import the new cert. into "Trusted Root Certification Authority"



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

You can use any physical port as you wish (limitations are on how many ports can be WAN however).

Check under NETWORK, Interface (side menu) - main page top tab Port Grouping .



Bluefish
Premium
join:2010-02-23

Thanks Anav ... no ideas on the certificate thing?



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

No I am certificate challenged LOL



Gork
Ou812ic

join:2001-10-06
Bountiful, UT

1 edit

1 recommendation

reply to Bluefish

I'm still using those instructions so the browser (IE in my case) doesn't complain about the certificate error and they're still working. You're using a Windows OS, right? I've done it on WinXP, Win7 and Win8... I'm not sure where to start as far as offering suggestions about what might be going wrong. Have you verified in the certmgr.msc interface that the certificate was imported properly and into the Trusted Root Certification Authority for the OS?

The error really doesn't cause any problems so long as you don't have security settings in the browser preventing your access. It just bugged me so I figured out how to make it go away.

EDIT:
I found an update in my notes which may be the problem. I had forgotten this happened after an IE security update: "Must now make certificate with Key Length of 2048 bits." This is not the default setting in the router when you create a certificate. So after that security update I had to create a new certificate in the router with a key length of 2048 bits, delete the old certificate in the OS's certmgr and import the new certificate.

Oops, I see you're already using that key length though - missed that. I'm not sure what else could be the problem... ?? Have you tried creating a certificate with a different name than the IP address of the router's web interface? Try just a simple name like mycert in the name field while keeping the host IP address 192.168.1.1 and see if that changes anything. I don't know why that would cause a problem, but who knows? And maybe make sure you delete any old certificate for the router you've imported to certmgr as well? Just throwing ideas out there at this point.



Bluefish
Premium
join:2010-02-23

Thanks for your reply Gork. I tried all of those things. I've given up for now. Like you said, it's not a big problem anyway. The USG20W is an on-going project for me. I'm using it to learn more about networking and firewall rules, etc. My USG20W's not going online until I'm sure it's configured correctly and securely. No matter how long it takes me to learn : )