Re: RV320 Bad Certificate

Crazier · ‎01-04-2020

I was setting up my network anew, I had just finished wiping the RV320 and sanitizing it.

I loaded the wrong certificate from my computer and and now completely locked out of the GUI

It's still passing traffic, but I have no way of logging in to change anything further.

If I attempt to open the GUI I am just met with

You cannot visit 192.168.1.1 right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

Is there any way to clear the cert from the system without logging in?

The hard-reset button on the outside only appears to clear settings, and not certificates.

TFTP just gives me a connection timeout.

Putty wont grab a connection of any type.

Is this bricked, should I just go buy something new? Is this not an incredibly stupid problem that reset should fix?!

balaji.bandi · ‎01-04-2020

Here reset to factory reset :

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb4347-reset-to-factory-default-settings-on-rv320-and-rv325-vpn-rou.html

try a different browsers. or different computers after reset is done.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Crazier · ‎01-05-2020

Doesn't work across multiple browsers, and devices.

All of them block viewing the page.

AndersBerndtsson37833 · ‎01-06-2020

If Cisco update the firmware so a second hardware reset using the reset button also resets the certificates to default and it's also possible to load new firmware over USB then the interface can be accessed and problem solved, otherwise the router has to go to the trash bin.

AndersBerndtsson37833 · ‎01-07-2020

Found a way to download new firmware without user interface.

Power off.

Press reset button and power on, keep the button pressed for 10 second. (Diad LED red, pwr LED flashing green).

Set static IP v4 to 192.168.1.100 on PC.

connect router LAN1 to PC.

Open cmd window as administrator. (tftp need to be turned on in windows 10 (7)

execute "tftp -i 192.168.1.1 put RV32X_v1.5.1.05_20191001-code.bin".

So now its up to Cisco to make a new release where its possible to reset default certificate to initial certificate.

AndersBerndtsson37833 · ‎01-08-2020

After open the unit and removed the battery for 12 hours I finally manage to get it up running.

I downloaded the firmware over tftp both from my PC and Linux several times. Trying both 100Mbit and 1Gbit Ethernet.

I really don't know what finally removed the corrupt certificate and switched back the default setting to the pre-loaded certificate.

Anyway problem solved and I can now access the configuration over https with Chrome from my PC running Windows 10.

balaji.bandi · ‎01-08-2020

Glad all working at end, this is something Cisco TAC do not like to open the kit, since you loose warranty.

but you took the risk and working as expected well.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

AndersBerndtsson37833 · ‎01-08-2020

The RV320 is eos and eol so why bother about losing the guarantee.

The preloaded certificate is valid until 2022-11-09, what happens after this
date, will all routers configuration be blocked?

JayPerkins37568 · ‎07-13-2020

I smartly created a new self signed Certificate and locked my self out also.

What I tried that *didn't* work: Reflashing via TFTP with 3 different versions of firmware, and hard resets.

What *worked*: Used a more permissive browser that lets you click through bad certificates, and once in the router via that browser, deleted bad certificates. I used "Waterfox" at http://waterfox.net. Free download, runs on an MacBook Pro.

andrzej21 · ‎11-11-2022

waterfox don't working correctly

I was used web browser in old tablet with android 4.4 to log to router successfully with bad certificate.

Bartman1000 · ‎11-16-2022

Hello,

I've got the same problem with outdated certificate. Stupid me, I've generated new with random data and set as main certificate. I'm not able to login into admin panel in any way. Tried short (10s) and long (30s) reset. Tried to flush with tftp (no transfer at all). Bypassing certificate while accessing https://192.168.1.1 gives me only :

HTTP request sent; waiting for response...

Any other tip? Is it already bricked? In fact router was doing it's work as router before reset, just I needed it for VPN.

andrzej21 · ‎11-16-2022

Hello,

I use VPN too, so input correct certificate was necessary. Try log - via wireless - for example old telephone with old webbrowser and reset router (with certificate) in graphic menu. RV320 after reset prepare new correct certificate for next 10 years, so preparing independly certificate is really wrong way.
After this pushing the reset button and input new software via tftp, nothing changes with certificate ofcourse. Good luck!

Bartman1000 · ‎11-16-2022

I do not have problem to bypass bad certificate while accessing web admin. I'm using Lynx on my Ubuntu for example, or wget/curl with proper flags to ignore both bad certif and bad issuer. Then - it hangs.