RVL200 SSL VPN Certificate Expired / Not Working

Unanswered Question
Jul 21st, 2009

A couple of weeks ago, my RVL200 lost its SSL VPN functionality.  All appears to be working fine, until I try to open the VPN tunnel, at which point Windows/IE security won't let the ActiveX add-on run, because the certificate for xtunnel.cab is expired.

I tried updating to the Beta, but it made no difference.  This functionality is critical for me.  Please tell me there is an easy/immediate fix.         

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Te-Kai Liu Wed, 07/22/2009 - 06:15

As a workaround, you could add the RVL200's portal page to the Trusted Sites of the Internet Explorer and set the Security Level of Trusted Sites to Low to bypass the checking on the certificates of ActiveX add-ons.

asamadani Wed, 07/22/2009 - 11:39

Thanks.  Yes, that would work, but I'm not comfortable having everyone do that.  Any way to get an updated file/certificate?  The whole point of the RVL200 is to allow secure SSL VPN functionality.

kbaiocchi Wed, 08/05/2009 - 19:01

Same problem for me, I spoke with Cisco this morning and they recommended that I post this here.

Cisco, please update your Certificate!


itareITARE Thu, 09/03/2009 - 16:18


I suppose I have a related problem. First time setting this up, though.

I'm not allowed to install the software (ActiveX) due to the "Publisher can not be verified", the certificate has expired just as you say.

Have tried the workaround - no luck at all...

Any suggestions?

Te-Kai Liu Fri, 09/25/2009 - 00:15

>I'm not allowed to install the software (ActiveX) due to the "Publisher can not be verified", the certificate has expired just as you say.

If you set the security level of your IE browser to low correctly, the browser will bypass verifying the signing certificate of the ActiveX components, and therefore you should not see any error message complaining about expired certificate. If you encounter any problem, perhaps you can consider giving the Small Business Support team a call.

asamadani Fri, 09/25/2009 - 11:25

I totally agree.  And frankly, it's asinine that this issue has to be sent to engineers or programmers or whatever.  It's a simple patch - UPDATE CERTIFICATE!  Done.

daviddun Thu, 09/10/2009 - 13:21

Good Afternoon,

I wanted update you on the POST.  The engineers are still working to fix the issue and should have the issue resolved soon.

Check the above listed post from me for a possible work around

Have a great day :)

itareITARE Thu, 09/10/2009 - 14:05

Thanks for the update David!

You may have seen that I can't get the workaround to work either...

I suspect that this is very much related to the cert-issue, but what can I do to get the workaround to work for me??

Many thanks in advance! :)


daviddun Fri, 09/25/2009 - 11:45

Good Afternoon,

This problem has been escalated to the engineering group and they have no news as of this morning.  I will continue to keep this board up to date as I hear things form the engineering group.

technorth21 Thu, 10/01/2009 - 08:32

Hi, Still waiting on an update on this issue.  Has there been any progress?

molecules Fri, 11/06/2009 - 07:07

What possible excuse do the engineers have for why it takes from Sept to Jan to update the expiry date on a certificate? This is ludicrous!

David Hornstein Sun, 11/08/2009 - 19:23

Hi Molecules,

My thought is that it's not the engineers that are taking too long,  how long does it take to create a certificate and compile the new firmware release and then  system test the result and make the software available.

I think the delay is the  internal approvals to get GPL code updated and all the legal niceties correct, updating the cisco.com websites and support sites.

There are work arounds at the moment that David Dunlap has documented in this thread.

It's annoying for us as well, but not ludicrous, see the following URL;


regards Dave

David Hornstein Fri, 03/19/2010 - 10:10

I feel the pain guys, and posed the question to my next level of support.

RVL200 firmware fixed the Expired Certificate issue. QA has approved the firmware and customers can get the firmware from Tech Support.

So i believe since the software isn't released as yet or generally available, you may have to approve a beta or pre-release agreement to get that software.

So ring back to the good folk at the Small Business Support center, their contact URL follows;


Refer them to this posting and I am more than willing to help facilitate what needs to be done.


Dave Hornstein

power_0025 Tue, 03/23/2010 - 15:41

Unfortunately, the good folks at the Small Business Support center have no idea that this beta firmware even exists, let alone where to get it.  They said to just wait until it is put on the website.

asamadani Tue, 03/23/2010 - 16:02

Any chance someone can get it from whomever has it and email it to those of us that need it?  Or send it via PM?  Pony Express?  I don't really care, I just want/need it.  This has been an issue for WAY too long.

hksuperrabbit Tue, 03/30/2010 - 02:52

Hi Dave,

I am in Hong Kong and therefore I contacted the Cisco Small Business Support Centre in Hong Kong via the following phone number in dealing with this certificate expired problem; the phone number (Hong Kong  800 9 0 3154) was found in the Cisco Small Business Support Centre Contacts web page which you mentioned in your previous advice dated 29 Mar 2010.

I described the background of my RVL200 certificate expired problem in details, telling the support centre staff that I could not locate the firmware version ( in the official Cisco website; and I therefore requested the support centre to find and email this firmware to me.

The following is the official reply from Mr. Ivan Chen, the China Small Business Technical Support Engineer ( his email : [email protected]), to my case (case id: 614017821) on 30 Mar 2010, I've "cut-and-paste" such official reply for your reference so that you understand that local Cisco Small Business Support Centres at individual country are not working as what the Cisco Headquarters is expecting :

Dear XXX,

We had tried hard to find the firmware version v. for RVL200 but there is only v.1.1.7 available in Cisco official web site.

We hereby provide you a case id: 614017821, Please take it down and tell the number to engineer when you call back next time.

And we will follow up with the case and make you posted if there any upgrade about that.

Thank you!

Best Regards,


Ivan Chen
China Small Business Technical Support Engineer

Thanks for all your time and efforts in putting resources together to tackle this problem; but end-users are still suffering due to complicates Cisco administrative procedures which still holding a ready-to-delivery firmware to remedy the situation. Help! Would Cisco please place the latest firmware in the official Cisco website for us to download so that we all can save our efforts in posting our complaints/difficulties on this matter !

After all, I choose to buy and use Cisco products are not only because of their reliable hardware and software; I also trust on their effective, efficient, and professional services when Cisco customers encounter Cisco problems. This issue has been outstanding for months, and this issue happened on a Cisco Security Product which is very critical for small business activity. I really do not understand why Cisco is so reluctant in providing the solution in an easy way!!!  I supposed Cisco should provide the solution to Cisco's customers whoever in need without any delay for a Network Security Product to safeguard Cisco's reputation in the industry !!!

Dave, please escalate our pains to the proper group/person in Cisco once again please !

Thank you very much in advance for all your efforts provided to this matter.


xtophus2010 Mon, 04/19/2010 - 21:06


I just bought a new RVL200 for the SSL VPN capability and seem to be suffering from the certificate/ActiveX issues.

The only available firmware on the website is still 1.1.7.  I'm assuming no solution has come out?

What are the risks of using the posted work-arounds?

It's 4/20/2010, is the RVL200 still a supported product?

If not, should I just return it? I don't want to waste my time...

Thanks for any advice!

molecules Mon, 04/19/2010 - 22:05

This has been an ongoing problem that has remain unfixed for an extended period of time. I recommend returning the product. The certificate issues will drive your users nuts and the way to circumvent it using browser exceptions, etc. is obscure at best and near-impossible on a bad day where you happen to forget the arcane sequence of workaround commands. The RVL200 does not appear to be actively supported as a quick review of the outstanding issues listed in this forum will show and when you consider that the certificate expiry issue is trivial for Cisco to fix - I suspect an unpaid Stanford engineering intern could do it in a morning.

businessuser Tue, 04/20/2010 - 05:17

I'm getting pretty annoyed by what appears to be almost a complete
lack of effective response in this matter.  I have two of these things
and I just can NOT walk some people (read: elderly family members)
through the positively baroque procedure of reducing security to make
it work.

Furthermore, security was one of the reasons that I purchased them in
the first place!  In nine years, I have flat out refused to place any
other solutions than combined Cisco/Linksys.  I sold the end-to-end
support.  How the heck am I supposed to sell this?  I can't.  Am I
missing something?

If Cisco is indeed going to ditch this product (as their lack of
effective, clear and easy solutions indicates) , then could they
PLEASE CONFESS to this so that I don't waste any more of my time
waiting around?  AND my money.  And other people's money!

In perhaps a more productive vein, I noted that the unit CAN generate
certificates.  Is there some way to use this to work around the issue
of the expired default certificate?  Can I buy some sort of
certificate from a third party commercial vendor (Thwate or some other
likely suspect)?

Another thing that suggests itself is a Windows (Visual Basic) script
that does the modifications to Internet Explorer (IE).  Has anybody
tried this?  I'm a pretty good hand at Visual Basic and know that it
can be used in conjunction with IE.

It's really starting to look like we are on our own.  What can we do

to solve the issue ourselves (besides returning the unit)?

    COME ON CISCO!!  There is money on the table for some of us!!

xtophus2010 Tue, 04/20/2010 - 06:14

Thanks for the feedback,

I aggree, if the RVL200 is no longer supported then Cisco should just say so. The customer should not be left in the dark and ignored!

streaves Tue, 04/20/2010 - 13:23

Checked with RVL200 engineering today and have been advised that a firmware update will be available around the first of May. Understand your frustration and appreciate your patience.

Please stay tuned.

Thanks, --Stephanie

wooscot66ol Thu, 06/24/2010 - 07:57

Is the firmware release from April 22nd 2010(from the Cisco Site) the fix for this issue?

xtophus2010 Tue, 04/20/2010 - 06:09

Thanks for the feedback.

I got the RVL200 so I could use SSL to secure IP camera streams. My goal was to be able to securely view the IP cameras from a an SSL enabled browser (IE8). I needed the RVL200 because the IP cameras are not SSL capable. Can the RVL200 be used for this?

I did manage to get the cache-cleaner to install by using the ActiveX workaround, but have not attempted to set up an SSL VLAN yet. I've never set up an SSL VPN before, does anyone have a tutorial on how to do this with the RVL200?


MTokarski Wed, 10/14/2009 - 08:59

I could not install the virtual passage on a 64 bit laptop and it stated it was not compatible. Will the fix cover this as well?

daviddun Wed, 10/21/2009 - 10:58

Good Afternoon,

I wanted to let everybody who is monitoring this that I have submitted the list to the PE to speed up the resolution of a new certificate.

Please be patient as we try to get them to fix this ASAP

daviddun Fri, 10/23/2009 - 07:42

Good Morning,

I wanted to let everybody who sent me the last batch of emails, that I also added them to the growing list

I hope to hear from the escalation group a status update soon.

Have a great weekend :)

daviddun Thu, 10/29/2009 - 08:51

Good Afternoon,

I wanted to keep everybody updated on the forum that the escalation group has been made aware of the growing list and they told me they are pushing for a quick response from the Product Engineer.

Currently the fix is scheduled to be JAN 2010 or sooner

In the meantime, please try the workaround that was posted earlier in this forum

Have a great weekend :)

mcgannsteve Mon, 02/22/2010 - 18:51

Hi David,

Any update on the issue.  It was report that it might be fix End Of Jan, it now end of Feb.



hksuperrabbit Thu, 03/18/2010 - 03:04

Does any one have any solution tothis Certificate Expired problem and post their solution for all to share ? Many thanks in advance !

1. I have heard from the internet that there is a new firmware (i.e. version ) which would fic this problem, but I cannot find where to download this version.

2. The latest RVL200 firmware from the official website only provide the version  1.1.7, why ?

3. I searched in the internet and observerd that brand new RVL200 is could be purchased in the internet, does that means even a brand new RVL200 would also need to face this problem ? If the answer is NO, then why brand new RVL200 have no Certificate Expired problem ? If the answer is YES, why CISCO selling non-worksable brand new product in the market ?  I supposed CISCO should realize that they would receive more complaints for each brand new RVL200 sold in the market !!

4. I never seen any official reply from CISCO in regards to this Certification Expired matter ? How do we know that CISCO is working on this problem  in a high priority ?

If CISCO is not seriously tackling this problem nowadays,  I am so worry that this problem would not be addressed by CISCO any more once this RVL200 is phased out !  (sooner or later !)

Can any one answer me ?

cobera_az Fri, 12/04/2009 - 12:25

I'm having the same issue with my RVL200 the cert shows the same expiration date Cisco Small Business group told me to turn the active X settings on internet explorer way down to make it work.  However this is not a valid workaround.  With the possibilities of viruses and Trojans bleeding through Active X I can't believe we need to compromise our security due to a fault with the product.  That is absolutely absurd!

David Hornstein Thu, 06/24/2010 - 08:23

Hi cobera,

There is new software out there.  I just checked the release notes and copied a couple of things fixed with this version of code version

Issues Resolved

• Corrected the expired certificate issue with the ActiveX components of Virtual Passage.

• Corrected a problem where Remote Management and SSL VPN cannot function properly in Router mode.

• Corrected a problem where Port forwarding cannot be configured properly if the router's LAN IP is

and the list goes on.  So try downloading version and see if it resolves your issue.


regards Dave


This Discussion

Related Content