Is it something to worry about when my browser warns me that my connection to 192.168.1.1 (router admin page)...












30















image



I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.



Chrome also says




Your connection to this site is not private.




I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).



Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.




  1. The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).

  2. The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.










share|improve this question


















  • 4





    Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.

    – studog
    yesterday











  • 1) Get crossover cable 2) Ignore message

    – Joshua
    yesterday






  • 1





    it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.

    – dandavis
    yesterday
















30















image



I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.



Chrome also says




Your connection to this site is not private.




I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).



Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.




  1. The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).

  2. The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.










share|improve this question


















  • 4





    Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.

    – studog
    yesterday











  • 1) Get crossover cable 2) Ignore message

    – Joshua
    yesterday






  • 1





    it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.

    – dandavis
    yesterday














30












30








30


8






image



I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.



Chrome also says




Your connection to this site is not private.




I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).



Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.




  1. The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).

  2. The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.










share|improve this question














image



I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.



Chrome also says




Your connection to this site is not private.




I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).



Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.




  1. The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).

  2. The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.







tls http router






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked yesterday









iBugiBug

728410




728410








  • 4





    Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.

    – studog
    yesterday











  • 1) Get crossover cable 2) Ignore message

    – Joshua
    yesterday






  • 1





    it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.

    – dandavis
    yesterday














  • 4





    Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.

    – studog
    yesterday











  • 1) Get crossover cable 2) Ignore message

    – Joshua
    yesterday






  • 1





    it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.

    – dandavis
    yesterday








4




4





Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.

– studog
yesterday





Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.

– studog
yesterday













1) Get crossover cable 2) Ignore message

– Joshua
yesterday





1) Get crossover cable 2) Ignore message

– Joshua
yesterday




1




1





it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.

– dandavis
yesterday





it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.

– dandavis
yesterday










4 Answers
4






active

oldest

votes


















27














No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.



Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.



It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.



There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.



As far as the specific cases that you're asking about:



1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).



2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.






share|improve this answer





















  • 13





    Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

    – Ajedi32
    yesterday













  • Thank you, @Ajedi32, I've updated the answer.

    – Ghedipunk
    yesterday











  • "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

    – jpmc26
    yesterday











  • @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

    – Ghedipunk
    yesterday











  • I'd just make all my changes over the wire; usually you can still connect one.

    – Maarten Bodewes
    yesterday



















5














It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.



I wouldn't worry much as long as:




  1. you control the wiring between your PC and router.

  2. remote management is disabled over wireless (admin page is allowed only via wired media) media.

  3. remote management is disabled from internet.






share|improve this answer



















  • 1





    Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

    – studog
    yesterday






  • 3





    Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

    – Barmar
    yesterday





















3














This is not a problem.



Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.



Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.



If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.



Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.






share|improve this answer








New contributor




Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




























    0














    No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).






    share|improve this answer








    New contributor




    ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.




















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "162"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f202739%2fis-it-something-to-worry-about-when-my-browser-warns-me-that-my-connection-to-19%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      27














      No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.



      Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.



      It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.



      There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.



      As far as the specific cases that you're asking about:



      1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).



      2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.






      share|improve this answer





















      • 13





        Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

        – Ajedi32
        yesterday













      • Thank you, @Ajedi32, I've updated the answer.

        – Ghedipunk
        yesterday











      • "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

        – jpmc26
        yesterday











      • @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

        – Ghedipunk
        yesterday











      • I'd just make all my changes over the wire; usually you can still connect one.

        – Maarten Bodewes
        yesterday
















      27














      No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.



      Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.



      It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.



      There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.



      As far as the specific cases that you're asking about:



      1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).



      2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.






      share|improve this answer





















      • 13





        Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

        – Ajedi32
        yesterday













      • Thank you, @Ajedi32, I've updated the answer.

        – Ghedipunk
        yesterday











      • "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

        – jpmc26
        yesterday











      • @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

        – Ghedipunk
        yesterday











      • I'd just make all my changes over the wire; usually you can still connect one.

        – Maarten Bodewes
        yesterday














      27












      27








      27







      No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.



      Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.



      It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.



      There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.



      As far as the specific cases that you're asking about:



      1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).



      2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.






      share|improve this answer















      No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.



      Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.



      It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.



      There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.



      As far as the specific cases that you're asking about:



      1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).



      2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited yesterday

























      answered yesterday









      GhedipunkGhedipunk

      463312




      463312








      • 13





        Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

        – Ajedi32
        yesterday













      • Thank you, @Ajedi32, I've updated the answer.

        – Ghedipunk
        yesterday











      • "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

        – jpmc26
        yesterday











      • @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

        – Ghedipunk
        yesterday











      • I'd just make all my changes over the wire; usually you can still connect one.

        – Maarten Bodewes
        yesterday














      • 13





        Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

        – Ajedi32
        yesterday













      • Thank you, @Ajedi32, I've updated the answer.

        – Ghedipunk
        yesterday











      • "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

        – jpmc26
        yesterday











      • @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

        – Ghedipunk
        yesterday











      • I'd just make all my changes over the wire; usually you can still connect one.

        – Maarten Bodewes
        yesterday








      13




      13





      Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

      – Ajedi32
      yesterday







      Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)

      – Ajedi32
      yesterday















      Thank you, @Ajedi32, I've updated the answer.

      – Ghedipunk
      yesterday





      Thank you, @Ajedi32, I've updated the answer.

      – Ghedipunk
      yesterday













      "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

      – jpmc26
      yesterday





      "...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.

      – jpmc26
      yesterday













      @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

      – Ghedipunk
      yesterday





      @jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.

      – Ghedipunk
      yesterday













      I'd just make all my changes over the wire; usually you can still connect one.

      – Maarten Bodewes
      yesterday





      I'd just make all my changes over the wire; usually you can still connect one.

      – Maarten Bodewes
      yesterday













      5














      It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.



      I wouldn't worry much as long as:




      1. you control the wiring between your PC and router.

      2. remote management is disabled over wireless (admin page is allowed only via wired media) media.

      3. remote management is disabled from internet.






      share|improve this answer



















      • 1





        Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

        – studog
        yesterday






      • 3





        Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

        – Barmar
        yesterday


















      5














      It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.



      I wouldn't worry much as long as:




      1. you control the wiring between your PC and router.

      2. remote management is disabled over wireless (admin page is allowed only via wired media) media.

      3. remote management is disabled from internet.






      share|improve this answer



















      • 1





        Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

        – studog
        yesterday






      • 3





        Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

        – Barmar
        yesterday
















      5












      5








      5







      It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.



      I wouldn't worry much as long as:




      1. you control the wiring between your PC and router.

      2. remote management is disabled over wireless (admin page is allowed only via wired media) media.

      3. remote management is disabled from internet.






      share|improve this answer













      It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.



      I wouldn't worry much as long as:




      1. you control the wiring between your PC and router.

      2. remote management is disabled over wireless (admin page is allowed only via wired media) media.

      3. remote management is disabled from internet.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered yesterday









      Crypt32Crypt32

      2,593712




      2,593712








      • 1





        Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

        – studog
        yesterday






      • 3





        Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

        – Barmar
        yesterday
















      • 1





        Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

        – studog
        yesterday






      • 3





        Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

        – Barmar
        yesterday










      1




      1





      Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

      – studog
      yesterday





      Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)

      – studog
      yesterday




      3




      3





      Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

      – Barmar
      yesterday







      Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.

      – Barmar
      yesterday













      3














      This is not a problem.



      Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.



      Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.



      If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.



      Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.






      share|improve this answer








      New contributor




      Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.

























        3














        This is not a problem.



        Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.



        Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.



        If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.



        Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.






        share|improve this answer








        New contributor




        Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.























          3












          3








          3







          This is not a problem.



          Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.



          Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.



          If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.



          Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.






          share|improve this answer








          New contributor




          Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.










          This is not a problem.



          Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.



          Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.



          If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.



          Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.







          share|improve this answer








          New contributor




          Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          share|improve this answer



          share|improve this answer






          New contributor




          Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          answered 12 hours ago









          Paul JohnsonPaul Johnson

          1312




          1312




          New contributor




          Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





          New contributor





          Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






          Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.























              0














              No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).






              share|improve this answer








              New contributor




              ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.

























                0














                No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).






                share|improve this answer








                New contributor




                ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.























                  0












                  0








                  0







                  No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).






                  share|improve this answer








                  New contributor




                  ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.










                  No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).







                  share|improve this answer








                  New contributor




                  ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  share|improve this answer



                  share|improve this answer






                  New contributor




                  ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  answered yesterday









                  ZaxLoffulZaxLofful

                  1092




                  1092




                  New contributor




                  ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.





                  New contributor





                  ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






                  ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Information Security Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f202739%2fis-it-something-to-worry-about-when-my-browser-warns-me-that-my-connection-to-19%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                      Alcedinidae

                      Origin of the phrase “under your belt”?