05-03-2021 06:54 AM
Hi:
I just upgraded my RV340 to 1.0.03.21 from 1.0.03.20.
After the upgrade, my SSLVPN would not work.
I am using CISCO anyconnect. I get an error "no valid certificates available for authentication".
I rebooted the router back to 1.0.03.20. The VPN now works.
I am using the default self signed certificate. I access the router from the vpn by the outside IP address.
Is there a bug with this firmware, or do I need to do something with the self signed certificate.
Thanks
05-03-2021 07:37 AM
In the What's New section the following is mentioned :
Allows to select the 3rd party certificate as primary certificate.
Perhaps this is not the problem, but , if you can find the setting make sure the intended certificate is set as primary.
M.
05-03-2021 07:44 AM
This was not the problem. The primary / default is the self signed certificate that came with the router.
Thanks!
05-03-2021 07:51 AM
- Is the certificate still 'visible' and or can it somewhere be shown in the upgraded version ?
M.
05-03-2021 08:04 AM
The router is currently on the prior release (which is working fine). I will reboot it this evening to the new release and then review the certificates.
Thanks
05-03-2021 08:59 AM
- Ok, review the certificates in the 'current situation' too ; then you can compare.
M.
05-14-2021 05:48 PM
Hi
Maybe you should do the below too, after your router is booted into v1.0.03.21
1. Verify that the date & time is set to present date/time (check this out in System-Mgmnt/Time page)
2. Go to Admin/Certificates page and check what is the validity time-period displayed for the "Default" certificate. Usually it will be valid upto 2051...
3. Next go to VPN/SSLVPN page...and check whether the "Default" certificate is still selected in the Certificate settings...no harm done in clicking on Apply and then do a permanent Save here again at this juncture
I think if everything's ok in above steps, then it should work...
If i were you i would "Always" do the following, in any release or version OR any other Router of any other vendor:
1. Verify that the date & time are set to present date/time on the Router
2. Go to Admin/Certificate page and quickly create a new Self-Signed Certificate (steps as shown in attachments)
- Here i would ensure the below points while creating the Self-Signed certificate
a) Do not enter any email-address in the email-address line-item below the Common-Name...this is no longer allowed in latest x509 certificate standards. This field is still there for supporting any legacy olden-days requirements...
- These days in present x509 certificate standards, the email-address is supposed to be present mandatorily in the "subjectAltName" field of the certificate when generated
- so i suggest that simply keep it blank
b) Give the validity period of atleast 10 years 3650 in this case
3. Next go to VPN/SSL-VPN page and now select your new Self-signed cert and Apply and also do a permanent save to the startup-config (in Admin/Config-Mgmnt page)
cheers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide