D-Link Forums
D-Link Network Video Recorders => DNR-322L => Topic started by: tiredcam on September 26, 2015, 03:58:36 AM
-
I was asking about the validity of the 2.20b01 firmware a while back and FurryNutz very kindly answered me.
I finally got around to updating the firmware and discovered to my horror that I can no longer access live video nor playback via my browser (Firefox, latest version). Java reports a certificate revocation that I am unable to get around unless I disable certificate checking which is not acceptable to me. Nothing changed on my desktop prior to the firmware update and I was able to access live video and playback just immediately before making the update. I am also running the latest version of Java.
Poking around online further, I came across this article from a Dutch site, dated 17 Sep 15 that claims that D-Link accidentally released private keys for signing certificates:
http://tweakers.net/nieuws/105137/d-link-blundert-met-vrijgeven-privesleutels-van-certificaten.html
Google translate to English of the site above here:
https://translate.google.com/translate?sl=nl&tl=en&js=y&prev=_t&hl=nl&ie=UTF-8&u=http%3A%2F%2Ftweakers.net%2Fnieuws%2F105137%2Fd-link-blundert-met-vrijgeven-privesleutels-van-certificaten.html&edit-text=&act=url
Can anyone advise on the certificate revocation issue I am facing and/or comment on the alleged certificate blunder by D-Link?
-
This might help
http://forums.dlink.com/index.php?topic=56962.msg259581#msg259581
-
The post and links from it suggest either disabling Java's certificate checking function or using D-Link's cloud service. I am sure everyone will agree fiddling with Java's security settings is not a good idea and given D-Link's spotty security history, I am not sure making my camera feeds available on cloud is a good idea.
-
See my comment here: http://forums.dlink.com/index.php?topic=56962.msg259643#msg259643
-
This issue is twofold. D-Link is aware of the Java issue and is working on getting it fixed. Also, the Java mfr is also included in this, so they also need to update their software as well.
I also noticed a Java update this morning. Not sure if this has any fixes or not.
Please be patient.
-
I got a new 942L and could not run the setup wizard I downloaded this morning because of the cert revocation. I re-downloaded a few hours later and it ran with no issue; it looks like they reposted installers that were re-signed this past Saturday with new certs, even though they did not update the version numbers or dates on the website. So hopefully they are slowly working through all their software and firmware and recompiling with the new certs.
-
Thanks for sharing your experience. Fix is in the works. ;)
-
Any updates from D-Link? The site still shows 8/11/2015 on all the firmware, but based on my experience with some of the cameras, that isn't necessarily accurate. At least I found a work-around, you can use the desktop playback software... but annoying I can't get the live-view.
-
Nothing as of yet.
-
They released a new firmware on the 16th. Notes say it includes a new cert. Upgrading now.
-
Let us know how it turns out. :)
-
It resolved the certificate issue, live view and playback work again - though it doesn't seem to save the display preferences like it used to.
Still having the strange issue of it overwriting the settings on one particular camera noted below.
-
Glad it's working now. Thank you for sharing this info.
-
I worked around the issue by installing an older version of Java. Version Java 7 update 55. I have not tried newer to test if it works but I am now able to see live view, motion detection grid or anything related to Java.
Some IP Cameras don't have a firmware update to solve this problem. I think.
-
Thank you for the information. D-Link is aware of these issues and is working hard to resolve them. I presume that the next FW update will resolve this and users should be able to use the most current Java software or plug-in available. Please be patient while they work on getting it resolved. If users need immediate help and information, I recommend that you phone your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.