Verizon Service, Actiontec Gateway, and SSL Certifcate

[Jeffrey Walton <noloader () gmail com>]

Hi All,

I have Verizon service which provides an Actiontec gateway. The
gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update"
claims its up to date, even though there's been no updates for quite
some time, including patches to dhcp and libupnp).

Can anyone verify the certificate (and key pair) included with the
gateway is unique (or better, static)? Below are the thumbprints and
certificate details from OpenSSL after exporting the certificate (from
Firefox).

Bonus points: does anyone know how to generate a new certificate or
upload a new certificate? The Actiontec manual only mentions SSL
certificates when it says to ignore warnings and proceed because its
safe [1] (seriously!).

Thanks
Jeff

[1] http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf

$ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint
SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11

$ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group
        Validity
            Not Before: Jun  3 11:11:43 2004 GMT
            Not After : May 29 11:11:43 2024 GMT
        Subject: C=US, CN=ORname_Jungo: OpenRG Products Group
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:ce:3d:af:b0:ff:6a:39:22:e5:ac:dd:e5:76:31:
                    55:c4:a7:2a:8b:61:f6:52:71:bc:8f:a6:bd:a6:63:
                    cc:e4:6d:d2:82:e8:31:6a:cc:6e:9c:05:8e:d2:d3:
                    aa:a8:6d:58:d7:98:e8:10:32:4a:15:a0:ef:22:85:
                    b0:f5:34:1e:95:ff:8c:72:0e:03:30:24:9f:2e:49:
                    fa:5a:07:f2:72:cd:e7:de:a0:dc:fd:19:c8:3e:b3:
                    ec:29:2a:81:bc:e0:f4:c7:c9:f5:72:eb:13:13:0b:
                    06:7e:a8:2d:ba:24:b1:8f:aa:eb:bf:b9:cc:04:96:
                    31:f2:d1:65:58:3e:66:fd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE, pathlen:5
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment,
Data Encipherment, Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, Code Signing, E-mail
Protection, TLS Web Server Authentication
            Netscape Comment:
                Jungo OpenRG Products Group standard certificate
            Netscape Cert Type:
                SSL Client, SSL Server, SSL CA
    Signature Algorithm: md5WithRSAEncryption
         9e:d6:d6:cd:8f:e4:52:1a:ad:77:99:4d:f9:91:18:da:06:12:
         92:df:5f:5a:88:8b:66:87:7d:86:03:2c:d7:82:3e:24:64:56:
         b9:10:f5:ad:ef:77:c2:f9:45:d4:51:6f:c4:93:a4:cf:63:0b:
         73:47:64:47:4c:f4:fd:6d:fa:cf:b4:f0:ef:2a:49:53:ff:35:
         77:29:ed:6b:dc:88:58:b4:b2:c1:d9:f5:fd:8e:80:ed:5e:81:
         c3:24:05:46:e2:65:83:6f:e7:0c:ff:ad:52:5b:5c:e9:c5:db:
         51:ef:06:75:39:b6:20:04:c0:cc:44:7c:38:a1:91:6c:13:2d:
         5e:ab
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.