zyxel N4100 gateway - Problems with SSL certificate on welcome page (google chrome)

MazeMaze Member Posts: 6  Freshman Member
Hello,
Since this past Thursday, all the guests that are using google chrome lastest version (v 67), they can not see the "welcome portal to type the user and password" to get internet access (in this zyxel model). Google chrome, blocks the "welcome page", and gives the message saing that the SSL in 1.1.1.1 is not secure. This problem is only with google chrome latest update. Is there a way to upload a new SSL certificate in this model? I see that is possible in the configuration but I dont know what is the best SSL to use... or doesnt exist :(

Need help, please. Thank you
Tagged:
«134

Comments

  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 605  mod
    Hi @Maze,
    Can you take a screen shot for waring message and post it.
  • MazeMaze Member Posts: 6  Freshman Member
    Hi Zyxel_Cooldia

    After a few hours, found a solution, even better that the one that was working before this update of google chrome to version 67.

    Thank you  B)
    Zyxel_Cooldia
  • S_LS_L Member Posts: 2
    Maze said:
    Hi Zyxel_Cooldia

    After a few hours, found a solution, even better that the one that was working before this update of google chrome to version 67.

    Thank you  B)
    Hi, we are experiencing the same issues here.

    Would you mind sharing your solution with us?

    My approach: I am thinking about enabling SSL login and installing a self-signed letsencrypt certificate.

    Thank you
  • JaumeJaume Member Posts: 9
    edited June 17, 2018 7:51PM
    We have the same problem tested with Chrome and Firefox.
    Any solution?
  • S_LS_L Member Posts: 2
    edited June 18, 2018 4:53AM
    After getting into that matter a bit more, it seems like Cloudflare's more or less recent introduction of their DNS service at the publicly reachable address 1.1.1.1 might have something to do with this issue:

    The combination of:
    - https://1.1.1.1 being reachable at Cloudflare
    - 1.1.1.1 not being a IP address reserved for use in private networks

    seems to break the redirection, and maybe other browsers will follow.

    It is not possible to obtain a letsencrypt certificate for 1.1.1.1, and even if so this wouldn't help either for other reasons (modern browsers would consider the redirect as interception)

    Quick and dirty workaround: deactivate authentication completely

    So I have to ask, will Zyxel release a firmware for the N4100 which uses a URI other than 1.1.1.1 for the login redirect?

    Otherwise, we will have to switch to maybe the pfSense captive portal which is poen source.
  • JaumeJaume Member Posts: 9
    Thanks for your information S_L but we hope that Zyxel will give us an urgent solution.
    Somebody out there, Zyxel?
  • I think I am having the same problem..  I have a campground and am using an N4100..  Usually no problem accessing my login page..  But the last couple which also used google chrome..  It wouldn't bring my sign on page on..  Normally, I tell the campers to just go to 1.1.1.1  ...which always brings my logon page on the screen..  On their I phones and laptops, they get a warning about no license.. unsecure.. probably fraud site..  And the sign on page will not come on..  What's the solution
  • JaumeJaume Member Posts: 9
    This problem used to be solved doing what it is explained here (click on "ADVANCED" and then "Continue to [we page]"):

    https://support.zyxel.eu/hc/en-us/articles/360005978894--This-is-not-a-secure-connection-Warning-on-Hotspot-System-in-Google-Chrome-what-does-this-mean-

    "This is not a secure connection"- Warning on Hotspot-System in Google Chrome - what does this mean?

      Avatar
      Phillipe Piris

      The problem is that it is not working anymore. I don't have the option to "Continue to [Website]", as seen in the following screenshots:





    • MazeMaze Member Posts: 6  Freshman Member
      edited June 21, 2018 4:21AM
      I'm going to explain what I have done to solve this problem... I'm going to write a new post with the solution (that is working fine since this past Thursday). Please wait a bit... Thank you
    • MazeMaze Member Posts: 6  Freshman Member
      Hello again,

      First, sorry for my english, it's not perfect but I'm going (try) to explain.

      - Like everybody knows, Google wants that "all web-pages" must be secured. How? with an SSL certificate (https).
      - After this update from Google (v67 chrome), the login page from N4100 is not secured (the welcome page is in https://1.1.1.1).
      - The solution (for me) is changing to a new "IP address google frendly", by example "local IP address range" like 10.0.0.1 range, or 192.168.0.1 range. For google, those are consider local IP's.

      So, solution?? Create a new SSL certificate!

      How?! I've used OpenSSL to create one. In this new certificate, please use local IP ranges (like the ones that I said above).

      To create a certificate SSL, I've used the next command line:

      First command:
      genrsa -des3 -out exemple.key 2048

      Second command:
      req -new -key exemple.key -out exemple.csr

      Third command:
      x509 -req -days 1095 -in exemple.csr -signkey exemple.key -out final.crt


      When you type the second command line, openssl will ask all the infomation need in the certificate, one of the question is: "The server", here you are going to type the ip address (exemple): 192.168.0.1.

      After doing this you just need to "upload" the certificate (2 files) to the N4100 "System tools" -> SSL certificate.

      Please, after uploading this SSL file, you need to "disable" the certificate in the Zyxel N4100. If you live this option enable, Its impossible to press the "OK" button in the "autentication welcome page".


      And that's it.

      I'm creating a PDF file with print screens, to show exactly how I've done, but what I've wrote here is the idea that is working with me.

      If you think that there is a better solution, please let me know.

      Thank you :)

      Obrigado from Portugal, Lagos :)
      Zyxel_CooldiaMiquelJaume
    Sign In to comment.