cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31343
Views
20
Helpful
55
Replies

SSL Certificate errors on websites since using Cisco RV130 router

frederick111
Level 1
Level 1

Dear reader,

 
The problem we are having is very random, but various colleagues of mine are getting a NET::ERR_CERT_COMMON_NAME_INVALID in Chrome when trying to access their gmail or calendar from Google. Now I know what you might think, this must be a browser problem, but in most cases, switching to another browser simply results in the same problem, just a different formulation of the problem (since hey, it's another browser).
 
Now here comes the weird part, this all started SINCE we placed the Cisco RV130 router in our network. Before that our ISP issued Modem was in Modem/Router mode (now it's been set to Bridge mode by the ISP, I cannot set this myself!) and the aforementioned router was placed in between our first switch (A Netgear GS748T) and the modem.
 
Various things that I have checked, but first and foremost lets handle the occurrence. The problem only happens sometimes, say a person comes into the office, starts his or her computer, gmail works fine. Then after a few hours they get this error, and after refreshing for like 5 minutes the problem disappears and they can check their Gmail again. Others have this when accessing their calendar but not when opening their gmail. So to sum this all up, it's completely random. So far I am the only one who's experienced it with another website (as in, other than gmail or the gmail calendar) and that was when I tried to access Facebook.com, but this has only been once so far, and honestly I don't care at all if this would ever happen again since the other two websites are way more important.
 
Computers are running Kaspersky Internet Security, and although the problem only started recently I have tried disabling it when somebody was experiencing the problem but this didn't result in being able to access the aforementioned pages.
 
Another thing I have checked which seemed to pop up quite often (but given this error message I think it doesn't matter) is the system time on computers. Which I have made sure it was synced and therefore correct. 
 
Also, just now I was able to find out this. When I had the problem on a colleague's computer I did a ping to both www.google.com and www.apple.com (given the subject of the error) and the results were this:
 
www.google.com:
 
Pinging www.google.com [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59


Ping statistics for 95.100.141.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 11ms, Average = 10ms
 
&
 
www.apple.com:
 
Pinging e3191.dscc.akamaiedge.net [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=16ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
Reply from 95.100.141.15: bytes=32 time=15ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59


Ping statistics for 95.100.141.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 16ms, Average = 12ms
 
I don't think it can be correct that both resolve to the same IP address even though I'm pinging to two different webpages. Am I transitioning into a rounting / switching / dns problem here or is this still a Chrome problem? Any help would be appreciated because I'm quite at loss!
 
Best regards,
 
Fred
 
P.s. I have added two images of the resulting errors from Chrome.
 
 
 
 
 
[edit]
Forgot to mention that I have started a similar discussion on the Google Chrome forums, but other than flushing my dns in Windows and clearing my host cache in chrome I haven't gotten any results yet. And that only seems to solve the problem temporarily.
55 Replies 55

This fix worked for me too. I also had to lower the MTU settings to: 1380 to get it to work perfectly. These  Cisco routers are shite! Don't buy them!!!



Thank you for posting this solution!

I've seen these certificate errors for months in my web browser when accessing Gmail, in OSX Calendar app, and iTunes. I switched OSs, web browsers, double checked time settings but nothing helped.

Finally, I googled about what I thought is the last thing to cause these problems, which is the router. I landed here, and then it clicked. 

I took me months to finally realize these random errors (mostly for Google and Apple services) started once I switched to RV130. I neglected these settings when I first configured the device and I would never consider them as a root of the problem if it weren't for your post here. So far, the solution seems to be working, though I'll need a couple of days to be sure. AFAIR this "use DNS proxy" setting is a default one and people usually expect defaults to work perfectly or not work at all, where the second case is quite easy to debug because the problem is evident, so unlike this "bugfoot" certificate error we experienced. 

I bought Cisco router to have fewer network problems but it turned out not so simple at all. I wish they at least made an official guide/quick fix/FAQ entry out of this thread if they don't want to fix it (maybe this can't be fixed, who knows?) just to let people who struggle with the problem find the solution easily. 

erik.nyman1
Level 1
Level 1

is this still a problem with the newest 1.0.3.14 firmware? was thinking about buying one today, then i saw this

Haven't tried this latest release yet. In fact, I got so bored with it that I decided to keep using Linksys E2000 for a while longer until the issues were resolved.

So hopefully someone else can try this out, or perhaps I give it a go myself a little later.

Yes, I tried it out. I have to say it is a lot better than before but I still have the occasional security error (page cannot be loaded because it is an unsecure connection). Switching back to the E2000 and the problem disappears.

Seems they are getting there, but not quite yet.

Wish that helps.

thanks for the answer, it helps, i will not buy this Product, which is sad, it looked good on paper

mathiasdegroof
Level 1
Level 1

I have the exact same problem. We use this router in our company and we are having random ssl problems ever since. The router seems to return the wrong certificate. For example when visiting google the router returns the certificate for apple...

I can't believe Cisco doesn't address this issue. I really get the feeling that Cisco doesn't care about their small business line. I have had a lot of problems with their access points, and now this. I hope we can still return the unit. No more Cisco for me.

Frank Papa
Level 1
Level 1

Exact same problems here.  No Kapersky.  Will be getting rid of this and other Cisco devices in our small company.  Too unreliable.

I have sold 3 of the Cisco RV 130 routers to a client for each of their offices, and immediately had the same issue with HTTPS/SSL errors at each office. I have installed the latest firmware (RV130X_FW_1.0.3.22.bin from November 4, 2016) on each of them and the issue persists.

This is a detrimental issue because it makes it where the client can't access their primary line-of-business application or email intermittently. Very disappointing to see this issue has been on the discussion forum for 2 YEARS with no resolution. From now on it is SonicWALL for me and my clients.

I would like to see Cisco reimburse clients who have purchased this piece of garbage and provide a firmware patch for those still willing to use it. I wasn't expecting a Cisco ASA, but I expected a business grade router that would provide basic functionality for web traffic and an IPSec VPN. 

Couldn't agree more. It's a piece of sh*t and Cisco doesn't care. I would recommend everyone to stay away as far as possible from the entire small business line: I have had similar problems with the small business access points.

The small business line are obviously half-baked products that are worse than most home products and overpriced. The only reason they sell is because they have the Cisco name on them.

trevvy
Level 1
Level 1

This is so frustrating. CISCO Please fix this issue. This is making the internet connection almost unusable.