cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31346
Views
20
Helpful
55
Replies

SSL Certificate errors on websites since using Cisco RV130 router

frederick111
Level 1
Level 1

Dear reader,

 
The problem we are having is very random, but various colleagues of mine are getting a NET::ERR_CERT_COMMON_NAME_INVALID in Chrome when trying to access their gmail or calendar from Google. Now I know what you might think, this must be a browser problem, but in most cases, switching to another browser simply results in the same problem, just a different formulation of the problem (since hey, it's another browser).
 
Now here comes the weird part, this all started SINCE we placed the Cisco RV130 router in our network. Before that our ISP issued Modem was in Modem/Router mode (now it's been set to Bridge mode by the ISP, I cannot set this myself!) and the aforementioned router was placed in between our first switch (A Netgear GS748T) and the modem.
 
Various things that I have checked, but first and foremost lets handle the occurrence. The problem only happens sometimes, say a person comes into the office, starts his or her computer, gmail works fine. Then after a few hours they get this error, and after refreshing for like 5 minutes the problem disappears and they can check their Gmail again. Others have this when accessing their calendar but not when opening their gmail. So to sum this all up, it's completely random. So far I am the only one who's experienced it with another website (as in, other than gmail or the gmail calendar) and that was when I tried to access Facebook.com, but this has only been once so far, and honestly I don't care at all if this would ever happen again since the other two websites are way more important.
 
Computers are running Kaspersky Internet Security, and although the problem only started recently I have tried disabling it when somebody was experiencing the problem but this didn't result in being able to access the aforementioned pages.
 
Another thing I have checked which seemed to pop up quite often (but given this error message I think it doesn't matter) is the system time on computers. Which I have made sure it was synced and therefore correct. 
 
Also, just now I was able to find out this. When I had the problem on a colleague's computer I did a ping to both www.google.com and www.apple.com (given the subject of the error) and the results were this:
 
www.google.com:
 
Pinging www.google.com [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=11ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59


Ping statistics for 95.100.141.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 11ms, Average = 10ms
 
&
 
www.apple.com:
 
Pinging e3191.dscc.akamaiedge.net [95.100.141.15] with 32 bytes of data:
Reply from 95.100.141.15: bytes=32 time=16ms TTL=59
Reply from 95.100.141.15: bytes=32 time=9ms TTL=59
Reply from 95.100.141.15: bytes=32 time=15ms TTL=59
Reply from 95.100.141.15: bytes=32 time=10ms TTL=59


Ping statistics for 95.100.141.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 16ms, Average = 12ms
 
I don't think it can be correct that both resolve to the same IP address even though I'm pinging to two different webpages. Am I transitioning into a rounting / switching / dns problem here or is this still a Chrome problem? Any help would be appreciated because I'm quite at loss!
 
Best regards,
 
Fred
 
P.s. I have added two images of the resulting errors from Chrome.
 
 
 
 
 
[edit]
Forgot to mention that I have started a similar discussion on the Google Chrome forums, but other than flushing my dns in Windows and clearing my host cache in chrome I haven't gotten any results yet. And that only seems to solve the problem temporarily.
55 Replies 55

stpa67001
Level 1
Level 1

The certificate error means the common name on the certificate does not match the domain name you are surfing to but what causes it is unclear. It could be anything from a false site to a problem with the rv130 or your isp, maybe you have a corrupt security software.

 

Have you checked for any firmware updates to the RV130 or tried to reinstall one your computers and see what happens. Also if you have the possibility try the RV130 on another internet service.

I could try to use the RV130 on my home network possibly and see what happens, but truthfully I'm not considering keeping this device that long if this problem keeps occurring.

Regarding the firmware, the latest version of the firmware is on the router. And I have, coincidentally, reinstalled several laptops in the past week that all had the problem before reinstalling and still have it after reinstalling.

We do have a piece of internet security software, which is kaspersky internet security, but disabling it doesn't help and secondly, we've had that long before we started using this router and the problem never occured then.

Is there at all a possibility that the router is causing this? If the answer is yes then I think I don't have any more time left to invest in looking for a cause and will just return the product and search for a new router. Preferably still a Cisco, but definitely another one than the RV130. 

Hello, I have same problem about certificat and same router, a brand new Cisco RV130W. But I dont use yet VPN feature. My customer use too Kaspersky internet security.

Dont know if it's about the 'mariage' of rv130 and kaspersky but anyway kaspersky is very popular and if it's about that we should be a lot with this trouble.

I find a littlebit od to see on a cisco forum no answer about that ! And very disappointed, if I change a piece of shit router with a small business cisco to get more troubles and stress...

Well hope one cisco admin can answer us quick because it's professional customers not private user...

One thing you could try to at least rule out dns problems is to configure other dns servers, for example google public dns servers in the router dhcp scope as static dns :

 

Google dns1: 8.8.8.8

Google dns2: 8.8.4.4

 

See https://developers.google.com/speed/public-dns/docs/using

 

-EDIT-

 

I just googled "kaspersky ssl authentication error" and a lot came up so Kaspersky has had this problem before especially in Chrome. Try to uninstall Kaspersky and see what happens, on windows you can rely on Defender/MSE at least for the time it takes to see if Kaspersky is the problem.

 

If it is Kaspersky that causes it see if Kaspersky forums has anymore info on it.

Hey,

Thanks for the suggestion. I did however, almost a week ago, changed the DNS's of our router to the Google DNS just to see if it would make a difference. Sadly it did not however.

 

In the meantime I will also look at the Kaspersky forums today and see if I can find anything helpful there.

Same Problem here with our RV130!
No Kaspersky in this Network!
No Problems with RV180...

Excactly the same here...

No problems with RV180 and RV320 but HTTPS certificates errors with RV130.

Hope Cisco will do somethings soon...

 

After disabling Bonjour on the RV130, the problem seems resolved.

Can you try this out?

I will report if the problem comes back.

I have disabled Bonjour and am still having problems as well.

FOUND A WORKING SOLUTION

Under Firewall, check (tick box) - Enable Cookies. (If it already checked, uncheck then save, then check again)

This fixed the frustrating problem for me on RV325

Thanks for the info!  I had the same problem with a RV220, and a couple of RV180's.  I solved it by replacing them with routers from another company (that work properly)!

I had the problem on a RV130 a few firmware versions back, and switching to a RV180w eliminated the problem (operating for more than a year now).

A recent RV130W had SSL certificate browsing issues on implementation with the latest 1.0.3.22 firmware, but seemed to be ok after a full reset via the hardware reset button and has been working without reported issues at a new site.  I also used the wizard during the second round of programming, vs my usual cancelling the wizard and doing all of the programming manually.

Regardless of whether the reset & wizard use eliminates the SSL issues, a new bug I've found on the RV130W causes all web browsing to go dead if the wifi is used heavily.  This symptom can be easily recreated by doing large data transfers through a wifi-connected client using a utility like Totusoft's LAN Speed Test to a NAS.  The data transfers do not go down, but web browsing stops working and no errors are reported in the router logs.

I've tried reconfiguring the wifi to various restricted modes vs the defaults (cutting support for B clients, disabling frame bursting, fixed vs auto channels etc) but nothing resolves the wifi load crashing web browsing via the gateway.

My test environment involved no use of the RV130W's DNS or DHCP (as both services were being provided by an external server) and access to the SMB share on the NAS is never lost, so the crash is happening in the gateway routing from the WAN vs the LAN.  I normally use an RV320 (and have tested many other models and brands of routers) in this environment with zero stability issues in the WAN routing through the gateway.

In between going from the RV130 to an RV180W in the previous post, I tried a TP-Link TL-R600VPN v2 for kicks which booted extremely fast but would eventually crash and go completely offline with their final firmware release from Aug 2014.  TP-Link support was pretty useless and to date never produced any newer firmware for it; for perspective, the site had about 20 desktop clients and misc mobile devices.

A previous Netgear router in the same office was reliable but slow and couldn't meet its rated 60Mb WAN routing spec, bottlenecking the connection with its limited WAN routing performance levels more and more as their firmware development continued.

The Netgear also had extremely buggy VPN support; Netgear support was terrible and eventually fixed the issue (when I got aggressive with them) in a never-released beta and then broke the VPN feature completely in their next generation of 4.x firmware for the device.

I have since used mostly RV180, RV130 and RV320 product lines, with the substantial issues being the RV130s (SSL browsing errors, port fwd'ing single ports as a range workaround, and now these wifi / WAN bugs) and a stability issue with early 1.3.1 firmware on the RV320s (which was latter pulled).  For small office use, these product lines have been stellar in comparison.

I normally use separate wifi APs, so the token gesture wifi in these Cisco RV1x0W SMB products isn't usually worth anything to me unless the client's wifi needs are little to no priority, but it should at least function and not crash the basic routing functions...

I think the moral to this story is pretty clear. Cisco small buso esa range as the other brands like tplink and  netgear are shite. Spend the extra cash and go for a real business solution from Cisco.