#18232: OpenWRT 14.07 creates SSL certs with identical serial numbers on different devices
-------------------------------------------------+-------------------------
Reporter:  painterengr@…                         | Owner:      developers
Type:      defect                                | Status:     new
Priority:  high                                  | Milestone:  Barrier Breaker 14.07
Component: packages                              | Version:    Barrier Breaker 14.07
Keywords:  ssl https serial number certificate   |
-------------------------------------------------+-------------------------
Router: TP-Link TL-WR841N HW Ver 9.1
OpenWRT: BARRIER BREAKER (14.07, r42625)
Firefox 33.0 web browser is reporting "Your certificate contains the same
serial number as another certificate issued by the certificate authority.
Please get a new certificate containing a unique serial number. (Error
code: sec_error_reused_issuer_and_serial)" for 2 brand new TP-Link
TL-WR841N wireless routers both running OpenWRT BARRIER BREAKER (14.07,
r42625).
AND FF does NOT offer me any choices to "override" this as it does other
certificate "issues". I have reported this to FF but they have had this
problem at least since 2008 and have NOT provided an exception dialog to
handle it. So, it is not usable from FF. I hear that IE browser offers an
exception option.
Procedure to reproduce:
1. On a brand new TL-WR841N wireless router install the latest OpenWRT
   (14.07).
2. Configure https (I can supply details if requested).
3. The router will produce the SSL cert at the end of the config change.
4. Reboot the router.
5. Using FF access the router at https://192.168.1.1
6. FF questions the self-signed cert and asks if one wants to accept it
   and record the exception. I accept the exception.
7. Take router 2 and perform the same steps 1-5.
8. FF reports the aforementioned Error code:
   sec_error_reused_issuer_and_serial and offers no corrective or exception
   options.
One can make a sound case that any cert generation on different TP-Link
OpenWRT routers should produce different serial numbers.
I searched OpenWRT for any reference to this and found nothing. I also
tried to find information on how one might manually regenerate the cert
with some "other options" that would produce a different result but I
didn't find it.
--
Ticket URL: <https://dev.openwrt.org/ticket/18232>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
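
The error code in this ticket names a collision on the pair (issuer, serial number), so a set of device certificates can be checked for that pair before a browser meets them. The following is an added example, not part of the ticket and not OpenWrt or Firefox code: a standard-library Python check over DER certificates. The device names, the `router.example` issuer and the serial values are constructed, and the sample certificates are skeletons that carry only the fields up to issuer.

```python
# Added example (not OpenWrt or Firefox code); all sample certificates are constructed.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_serial(cert):
    """Return (issuer Name as DER bytes, serial as int) from a DER certificate."""
    _, tbs_at, _ = read_tlv(cert, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, tbs_at)      # tbsCertificate SEQUENCE
    tag, start, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] version
        tag, start, end = read_tlv(cert, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(cert[start:end], "big", signed=True)
    _, _, issuer_at = read_tlv(cert, end)   # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(cert, issuer_at)
    return cert[issuer_at:issuer_end], serial

def reused_pairs(certs):
    """Map each (issuer, serial) held by several devices to those devices."""
    seen = {}
    for device, der in certs.items():
        seen.setdefault(issuer_and_serial(der), []).append(device)
    return {pair: devs for pair, devs in seen.items() if len(devs) > 1}

def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed samples."""
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def sample_cert(serial):
    """Constructed skeleton: real layout up to issuer, later fields omitted."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    cn = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"router.example"))
    number = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + number + alg + tlv(0x30, tlv(0x31, cn)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

# Constructed inventory: two devices share serial 1, the third has its own serial.
CERTS = {"router-1": sample_cert(1), "router-2": sample_cert(1),
         "router-3": sample_cert(0x8E41D2C97A5B3F06)}
```

`reused_pairs(CERTS)` reports router-1 and router-2 under one key; a PEM certificate exported from a device can be fed in after `ssl.PEM_cert_to_DER_cert()`.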