TLS certificates in AVM Fritz products

In the german world, AVM is quite an important name for internet networking at home and as for many people, my home network is also powered by their products. Partly because my internet provider gave me a FritzBox to my contract, and partly because these products are really good and reliable.

Every AVM device has got a web interface to configure it. This is available on http://ip.of.fritz.box:80 or, as I learned some time ago, also on https://ip.of.fritz.box:443. The latter is using a TLS certificate, which I am wondering about. In particular, I found two different types of certificates here.

Fritz Box

When connecting the Fritzbox to AVM, it receives a DNS entry of the form something.myfritz.net. Which is in particular helpful as this serves as a dynamic DNS entry which updates automatically.

When calling https://ip.of.fritz.box, this name is used as the common name as the certificate. The certificate is self-signed though.

Fritz Repeater

These devices do not get such a name by AVM. Their TLS certificate is self-signed again, but this time, the common name is just the IP address the device received.

Certificate expiry

Here comes the part that actually surprised me. The expiry dates of all devices I am controlling were not equal, but quite close: All of them were on 2038-01-15 or 2038-01-16.

Year-2038 problem?

I know this date, right? On 2038-01-19, the world will vanish - since timestamps stored in 32-bit integers will overflow at 03:14:07 UTC.

Hence I claim the following: Somebody at AVM did not want to solve this problem now and decided to just make certificates valid long enough. Until then, this person will be retired and it’s somebody else’s problem…