Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3333
Views
15
Helpful
7
Replies

RV325 Certificates

Go to solution
PP48133
Level 1
Level 1

‎03-09-2020 12:47 PM

I have an RV325 router (Firmware: 1.3.1.12) with a self signed certificate.

With my new Mac I can't access anymore the router because of a certificate error.

Safari and Chrome: "connection is not private". ( NET::ERR_CERT_INVALID).

Probable cause: the browsers don't accept self signed certificates. 

What must I do to get access with my new Mac? Can you give me a detailed procedure?

Sorry I know nothing about certificates.

 

Thank you very much.

Paul Plehier

 

 
 
Labels:
Preview file
228 KB
Preview file
131 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
poe
Level 1
Level 1

‎03-09-2020 03:41 PM - edited ‎03-09-2020 03:42 PM

Hi,

 

As this is a Self Signed Certificate, it won't be trusted by a browser that hasn't explicitly trusted it. You can trust the certificate in MacOS by doing the following:

 

1. Download the certificate

2. Double Click on the Certificate File, and open it in KeyChain Access (You will need to enter an MacOS Administrator password to open KeyChain Access). This will load the certificate into the MacOS Certificate Store

3. In the KeyChain Access App, under "KeyChains" click System, and you should see on the right side a list of system wide certificates, along with the one you just recently added

4. In the KeyChain Access App, right click on the certificate you just loaded in step 2. and select "Get Info"

5. In the newly opened tab, the certificate details will be presented. There is a drop down arrow for "Trust". Select the "Trust" drop down arrow

6. After clicking the arrow in step 5, you will see a variety of permissions for where the newly added Certificate will be trusted. These options include "SSL, S/MIME, EAP, IPSEC, Code Signing, Time Stamping and X.509". As this is just the certificate that your router presents on the Web Portal, I advise you only trust this certificate for SSL, however you do have the ability to trust the certificate indiscriminately if you need to. 

7. Click the window icon to close the "Get Info" tab. You will be prompted to enter your MacOS Administrator credentials. Entering the credentials will save your new certificate trust configuration in the MacOS System Store for all MacOS users. 

8. Restart your web browser and navigate to the Web Portal. Your browser should now trust the certificate that is presented without issues

 

View solution in original post

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to poe

‎03-18-2020 02:27 AM

At least in the case of the Firefox browser, it doesn't use any of the underlying OS certificates - Firefox comes with its own set of Root CA certs as well as user-added certs. This means that if you browse to a site with Firefox, you may or may not have the same experience as other browsers that use the OS certificate store (e.g. Windows IE/Edge and Chrome) 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Arne Bier
VIP
VIP

‎03-09-2020 03:16 PM

There is a great hidden trick in Chrome. I have had to use this on systems like Cisco 9800 controllers when using Chrome. Chrome sometimes refuses to bring up the login page for a system with self-signed cert.

Solution: Browse to the page and wait for the error to appear on the page. Then type the following:

thisisunsafe

 

You won't see any characters - but as soon as you have typed the phrase, you will be allowed to proceed. It's a bit weird, but it works. key stroke logger in a Google product ...who would have thought, eh ;-)  What else are they logging ...?

 

See if that helps

Go to solution
PP48133
Level 1
Level 1
In response to Arne Bier

‎03-11-2020 07:29 AM

Hi Arne,

 

Great! It works !! 

Indeed: What else are they logging ...?

 

Thx

PP

0 Helpful

Go to solution
poe
Level 1
Level 1

‎03-09-2020 03:41 PM - edited ‎03-09-2020 03:42 PM

Hi,

 

As this is a Self Signed Certificate, it won't be trusted by a browser that hasn't explicitly trusted it. You can trust the certificate in MacOS by doing the following:

 

1. Download the certificate

2. Double Click on the Certificate File, and open it in KeyChain Access (You will need to enter an MacOS Administrator password to open KeyChain Access). This will load the certificate into the MacOS Certificate Store

3. In the KeyChain Access App, under "KeyChains" click System, and you should see on the right side a list of system wide certificates, along with the one you just recently added

4. In the KeyChain Access App, right click on the certificate you just loaded in step 2. and select "Get Info"

5. In the newly opened tab, the certificate details will be presented. There is a drop down arrow for "Trust". Select the "Trust" drop down arrow

6. After clicking the arrow in step 5, you will see a variety of permissions for where the newly added Certificate will be trusted. These options include "SSL, S/MIME, EAP, IPSEC, Code Signing, Time Stamping and X.509". As this is just the certificate that your router presents on the Web Portal, I advise you only trust this certificate for SSL, however you do have the ability to trust the certificate indiscriminately if you need to. 

7. Click the window icon to close the "Get Info" tab. You will be prompted to enter your MacOS Administrator credentials. Entering the credentials will save your new certificate trust configuration in the MacOS System Store for all MacOS users. 

8. Restart your web browser and navigate to the Web Portal. Your browser should now trust the certificate that is presented without issues

 

0 Helpful

Go to solution
PP48133
Level 1
Level 1
In response to poe

‎03-11-2020 07:37 AM

Hi Poe,

 

Works fine with Google Chrome, now I can access the router ( unsecured connection).

No change for Safari ("Connection not private" and no access).

Any idea for Safari?

 

Nevertheless thanks. 

PP

0 Helpful

Go to solution
poe
Level 1
Level 1
In response to PP48133

‎03-12-2020 11:09 AM

Hello,

 

I apologize, but I'm unsure why a certificate that is trusted at the system level similar to how I instructed would be trusted by one browser and not the other.

 

I advise that you clear all website data/ history in Safari as a troubleshooting next-step.

 

 

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to poe

‎03-18-2020 02:27 AM

At least in the case of the Firefox browser, it doesn't use any of the underlying OS certificates - Firefox comes with its own set of Root CA certs as well as user-added certs. This means that if you browse to a site with Firefox, you may or may not have the same experience as other browsers that use the OS certificate store (e.g. Windows IE/Edge and Chrome) 

0 Helpful

Go to solution
PP48133
Level 1
Level 1
In response to Arne Bier

‎03-20-2020 09:02 AM

Hi Arne,

 

Thanks for the Firefox-tip.

Now I am facing another problem: 502 Bad Gateway after upgrading from 1.

3 to 1,5 .  I found a procedure for solving this problem.

 

Thanks,

PP48133

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents