A couple of weeks ago, my RVL200 lost its SSL VPN functionality. All appears to be working fine, until I try to open the VPN tunnel, at which point Windows/IE security won't let the ActiveX add-on run, because the certificate for xtunnel.cab is expired.
I tried updating to the 22.214.171.124 Beta, but it made no difference. This functionality is critical for me. Please tell me there is an easy/immediate fix.
As a workaround, you could add the RVL200's portal page to the Trusted Sites of the Internet Explorer and set the Security Level of Trusted Sites to Low to bypass the checking on the certificates of ActiveX add-ons.
Thanks. Yes, that would work, but I'm not comfortable having everyone do that. Any way to get an updated file/certificate? The whole point of the RVL200 is to allow secure SSL VPN functionality.
Same problem for me, I spoke with Cisco this morning and they recommended that I post this here.
Cisco, please update your Certificate!
I suppose I have a related problem. First time setting this up, though.
I'm not allowed to install the software (ActiveX) due to the "Publisher can not be verified", the certificate has expired just as you say.
Have tried the workaround - no luck at all...
>I'm not allowed to install the software (ActiveX) due to the "Publisher can not be verified", the certificate has expired just as you say.
If you set the security level of your IE browser to low correctly, the browser will bypass verifying the signing certificate of the ActiveX components, and therefore you should not see any error message complaining about expired certificate. If you encounter any problem, perhaps you can consider giving the Small Business Support team a call.
I totally agree. And frankly, it's asinine that this issue has to be sent to engineers or programmers or whatever. It's a simple patch - UPDATE CERTIFICATE! Done.
Same here! The certificate I see is the same as the one posted by kbaiocchi.
The RVL200 is the only piece of hardware that I have ever owned that came with a predetermined expiration date.
I wanted update you on the POST. The engineers are still working to fix the issue and should have the issue resolved soon.
Check the above listed post from me for a possible work around
Have a great day :)
Thanks for the update David!
You may have seen that I can't get the workaround to work either...
I suspect that this is very much related to the cert-issue, but what can I do to get the workaround to work for me??
Many thanks in advance! :)
This problem has been escalated to the engineering group and they have no news as of this morning. I will continue to keep this board up to date as I hear things form the engineering group.
What possible excuse do the engineers have for why it takes from Sept to Jan to update the expiry date on a certificate? This is ludicrous!
My thought is that it's not the engineers that are taking too long, how long does it take to create a certificate and compile the new firmware release and then system test the result and make the software available.
I think the delay is the internal approvals to get GPL code updated and all the legal niceties correct, updating the cisco.com websites and support sites.
There are work arounds at the moment that David Dunlap has documented in this thread.
It's annoying for us as well, but not ludicrous, see the following URL;
I feel the pain guys, and posed the question to my next level of support.
RVL200 firmware 126.96.36.199 fixed the Expired Certificate issue. QA has approved the firmware and customers can get the firmware from Tech Support.
So i believe since the software isn't released as yet or generally available, you may have to approve a beta or pre-release agreement to get that software.
So ring back to the good folk at the Small Business Support center, their contact URL follows;
Refer them to this posting and I am more than willing to help facilitate what needs to be done.
Unfortunately, the good folks at the Small Business Support center have no idea that this beta firmware even exists, let alone where to get it. They said to just wait until it is put on the website.
Any chance someone can get it from whomever has it and email it to those of us that need it? Or send it via PM? Pony Express? I don't really care, I just want/need it. This has been an issue for WAY too long.
Regarding this issue, please contact the SBSC by phone and they will be able to assist you.
I am in Hong Kong and therefore I contacted the Cisco Small Business Support Centre in Hong Kong via the following phone number in dealing with this certificate expired problem; the phone number (Hong Kong 800 9 0 3154) was found in the Cisco Small Business Support Centre Contacts web page which you mentioned in your previous advice dated 29 Mar 2010.
I described the background of my RVL200 certificate expired problem in details, telling the support centre staff that I could not locate the firmware version (188.8.131.52) in the official Cisco website; and I therefore requested the support centre to find and email this firmware to me.
The following is the official reply from Mr. Ivan Chen, the China Small Business Technical Support Engineer ( his email : email@example.com), to my case (case id: 614017821) on 30 Mar 2010, I've "cut-and-paste" such official reply for your reference so that you understand that local Cisco Small Business Support Centres at individual country are not working as what the Cisco Headquarters is expecting :
We had tried hard to find the firmware version v.184.108.40.206 for RVL200 but there is only v.1.1.7 available in Cisco official web site.
We hereby provide you a case id: 614017821, Please take it down and tell the number to engineer when you call back next time.
And we will follow up with the case and make you posted if there any upgrade about that.
China Small Business Technical Support Engineer
Thanks for all your time and efforts in putting resources together to tackle this problem; but end-users are still suffering due to complicates Cisco administrative procedures which still holding a ready-to-delivery firmware to remedy the situation. Help! Would Cisco please place the latest firmware in the official Cisco website for us to download so that we all can save our efforts in posting our complaints/difficulties on this matter !
After all, I choose to buy and use Cisco products are not only because of their reliable hardware and software; I also trust on their effective, efficient, and professional services when Cisco customers encounter Cisco problems. This issue has been outstanding for months, and this issue happened on a Cisco Security Product which is very critical for small business activity. I really do not understand why Cisco is so reluctant in providing the solution in an easy way!!! I supposed Cisco should provide the solution to Cisco's customers whoever in need without any delay for a Network Security Product to safeguard Cisco's reputation in the industry !!!
Dave, please escalate our pains to the proper group/person in Cisco once again please !
Thank you very much in advance for all your efforts provided to this matter.
I just bought a new RVL200 for the SSL VPN capability and seem to be suffering from the certificate/ActiveX issues.
The only available firmware on the website is still 1.1.7. I'm assuming no solution has come out?
What are the risks of using the posted work-arounds?
It's 4/20/2010, is the RVL200 still a supported product?
If not, should I just return it? I don't want to waste my time...
Thanks for any advice!
This has been an ongoing problem that has remain unfixed for an extended period of time. I recommend returning the product. The certificate issues will drive your users nuts and the way to circumvent it using browser exceptions, etc. is obscure at best and near-impossible on a bad day where you happen to forget the arcane sequence of workaround commands. The RVL200 does not appear to be actively supported as a quick review of the outstanding issues listed in this forum will show and when you consider that the certificate expiry issue is trivial for Cisco to fix - I suspect an unpaid Stanford engineering intern could do it in a morning.
I'm getting pretty annoyed by what appears to be almost a complete
lack of effective response in this matter. I have two of these things
and I just can NOT walk some people (read: elderly family members)
through the positively baroque procedure of reducing security to make
Furthermore, security was one of the reasons that I purchased them in
the first place! In nine years, I have flat out refused to place any
other solutions than combined Cisco/Linksys. I sold the end-to-end
support. How the heck am I supposed to sell this? I can't. Am I
If Cisco is indeed going to ditch this product (as their lack of
effective, clear and easy solutions indicates) , then could they
PLEASE CONFESS to this so that I don't waste any more of my time
waiting around? AND my money. And other people's money!
In perhaps a more productive vein, I noted that the unit CAN generate
certificates. Is there some way to use this to work around the issue
of the expired default certificate? Can I buy some sort of
certificate from a third party commercial vendor (Thwate or some other
Another thing that suggests itself is a Windows (Visual Basic) script
that does the modifications to Internet Explorer (IE). Has anybody
tried this? I'm a pretty good hand at Visual Basic and know that it
can be used in conjunction with IE.
It's really starting to look like we are on our own. What can we do
to solve the issue ourselves (besides returning the unit)?
COME ON CISCO!! There is money on the table for some of us!!
Thanks for the feedback,
I aggree, if the RVL200 is no longer supported then Cisco should just say so. The customer should not be left in the dark and ignored!
Checked with RVL200 engineering today and have been advised that a firmware update will be available around the first of May. Understand your frustration and appreciate your patience.
Please stay tuned.