Why TP-Link HTTPS web interface is detected as unsecure by some web browsers?

Sometimes, we receive some feedbacks which are related to the security issue of TP-Link web interface management via HTTPS. When customers enable Local Management via HTTPS option on TP-Link router to stay extra safe, some web browsers still report Not Secure when accessing HTTPS TP-Link web interface however. This article will explain why this happens with details.

The error message reported by some web browsers for TP-Link https web interface would be like the following picture:

The reason why our browsers recognize tplinkwifi.net as “insecure” is that tplinkwifi.net’s Certificate is a self-signed Certificate. Most browsers do not accept this kind of Certificate because tplinkwifi.net is not an authoritative CA.

However, even if our self-signed Certificate is not trusted, the connection between your browser and the tplinkwifi.net server is secure.

A Certificate's purpose is only to allow a client verify an unknown server. It has nothing to do with the encrypted connection. The data transmitted between the browser (client) and tplinkwifi.net (server) remains safe and encrypted. No one else could decrypt these data except the client and the server, because tplinkwifi.net uses TLS v1.2 as a secure connection builder. TLS v1.2 is a widely recognized secure connection protocol.

Take Chrome as an example, in our browser, access tplinkwifi.net and press "F12" on the keyboard, switch to the "Security" tab, you will see these following information:

From Chrome's security report, it is obvious that tplinkwifi.net is using TLS v1.2 and the connection is secure. We do not have to worry about the safety of our computers and router.

Notes: Finding more about CA and how CA works:

https://community.tp-link.com/en/home/stories/detail/1188

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.