
Cisco RV320 ssl certificates removed

ProgrammerFilip
Level 1

Hello,

 

I have a Cisco RV320 router and I have by mistake removed the SSL certificates in the web UI, resulting in the web UI timing out and not working. I have tried the browsers Edge, Chrome and Firefox, so it's a server side error.

 

When curl'ing it:

curl 192.168.1.1 -v
* About to connect() to 192.168.1.1 port 80 (#0)
*   Trying 192.168.1.1...
* connected
* Connected to 192.168.1.1 (192.168.1.1) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.26.0
> Host: 192.168.1.1
> Accept: */*
>
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.10.1
< Date: Mon, 01 Oct 2018 15:49:12 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: https://192.168.1.1/
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.1</center>
</body>
</html>
* Connection #0 to host 192.168.1.1 left intact
* Closing connection #0
root@linux:~# curl https://192.168.1.1 -v
* About to connect() to 192.168.1.1 port 443 (#0)
*   Trying 192.168.1.1...
* connected
* Connected to 192.168.1.1 (192.168.1.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* Closing connection #0
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

 

 

I reset the router and held the button for 30 seconds plus, and it did not regenerate the certificates. How do I solve this problem?

Do I need to load a new firmware into it?
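
An added example, not part of the original post: a small parser for `curl -v` output that reports how far the HTTPS connection got and what curl's exit code was. The stage names, `classify` and the sample text (a constructed excerpt of the transcript above) are assumptions made for this illustration.

```python
import re

# Constructed sample: key lines of the HTTPS transcript quoted in the post.
SAMPLE = """\
* Connected to 192.168.1.1 (192.168.1.1) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
curl: (60) SSL certificate problem: self signed certificate
"""

# Handshake milestones in order; newer curl builds print "Certificate (11)".
STAGES = [
    ("tcp_connected", re.compile(r"^\* Connected to \S+ .*port \d+")),
    ("server_hello", re.compile(r"TLS handshake, Server hello \(2\)")),
    ("certificate_received", re.compile(r"TLS handshake, (?:CERT|Certificate) \(11\)")),
]
CURL_EXIT = re.compile(r"^curl: \((\d+)\) (.+)$")


def classify(transcript):
    """Return the milestones reached, curl's exit code, and a verdict."""
    reached, exit_code = [], None
    for line in transcript.splitlines():
        line = line.strip()
        for name, pattern in STAGES:
            if name not in reached and pattern.search(line):
                reached.append(name)
        match = CURL_EXIT.match(line)
        if match:
            exit_code = int(match.group(1))
    if "tcp_connected" not in reached:
        verdict = "no TCP connection to the HTTPS port"
    elif "certificate_received" not in reached:
        verdict = "TLS handshake stopped before the server sent a certificate"
    elif exit_code == 60:
        verdict = "server sent a certificate; curl rejected it as untrusted"
    else:
        verdict = "server sent a certificate; no verification error reported"
    return {"reached": reached, "exit_code": exit_code, "verdict": verdict}


if __name__ == "__main__":
    print(classify(SAMPLE))
```

Exit code 60 is curl's certificate verification failure, raised on the client after the server's certificate message has arrived.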


pieterh
VIP

I'm not sure but possibly it did generate new self-signed certificates.

and my guess is the error means the old cert is stored somewhere locally and the new cert does not match

-> remove the old cert from your local cert-store  (/etc/ssl/certs)

I can't log in to the router in any way or form. I have followed the guide and used tftp to upload and install a new firmware and it rebooted, and I have the same error. The SSL certs are not regenerated or replaced. Does anyone have a solution?

Hi there,

 

 

"i have followed the guide and used tftp to upload and install a new firmware in and it "

What exactly did you do? Just button and power connector?

How did you verify new firmware is loaded? From the log of the tftp server?

 

In your reply I don't see any reference that you checked your local certificate store.

This is about the workstation FROM which you are trying to access the router (curl'ing it), not on the router.

I have the same problem. I have found that if you try to remove a certificate on the RV320, the router refuses to connect when rebooted.

 

So, following Cisco instructions, I powered off, held the reset button (for both 10 and 30 seconds), powered back on. Then uploaded the latest firmware via command line TFTP and received a success message that the firmware upgrade was uploaded.

 

However, the RV320 still won't allow connections via any browser. I can ping the router at 192.168.1.1.

 

I have tried rebooting the router without success.

 

Learned Take-away: Don't mess with certificates on the CISCO RV320 router. When the self-signed one expires, just throw the router away and get a new one (probably not a CISCO brand).

I have the same problem. I wanted to be especially "clever" and tried to replace the default self-signed certificate with regular ones (signed with CA, correct host name, etc). I ended up being locked out from the Web GUI with the message: "You don't have permission to access /cgi-bin/ssi.cgi on this server". From another thread I have learned that the problem may also arise if VLANs are configured. And I have configured several VLANs. Therefore I am not sure whether the problem was caused by messing up with certificates or configuring VLANs.

However, it seems that I can still access Web GUI from the Default VLAN (the one with the tag 1). Luckily, 2 ports on my router are not used and still have their default configuration (untagged VLAN 1). Connecting a notebook directly to one of those ports and accessing the router via VLAN 1 subnet did the trick: I was able to access web GUI again.

I have upgraded to the latest firmware 1.4.2.22 and suddenly, the web GUI was again accessible from other VLANs as well. So I thought that the problem was resolved. But no, after rebooting the router, the problem reappeared. So my current status is that I must go with the notebook into my cellar every time I want to configure my RV320. Luckily, it is not likely to happen so often, so I can basically live with that. I'd like to discuss this with Cisco experts but I don't have the service contract, so I can't raise a TAC. It also doesn't seem to help much, because this issue seems to have existed in all 1.4 series firmware versions and was raised by many customers, but Cisco still didn't find time to resolve it.