Installing Certificates on Motorola 2210-02

Installing new 802.1x certificates on the 2210-02 is amazingly simple. Due to poor planning by AT&T, the 2210-02 ADSL2+ may have old certificates that prevent it from getting online. Instead of releasing a firmware file to update the certificates, they basically said screw you. For some background, check out this post.

First step is retrieving the new certificates. I used the Motorola NVG 510 AT&T forced me to purchase. There’s a very simple exploit to activate telnet on this model. After gaining full shell access and installing busybox, navigate to the /etc/.ssl/ folder and copy all of the .der files. You should have:

attroot.der
attsubca2012.der
motroot.der
attroot2031.der
attsubca2021.der
motsubca.der

attroot.der and attsubca2012.der are the expired ones. You can delete them.

If you haven’t done so already, you’ll need to active telnet on the 2210-02.

Setup a TFTP server

I won’t spend much time on this as it’s specific to your setup. On OS X, I used TFTP Server to manage the built-in TFTP server. Add all of the certificates to your tftp directory and make sure you can download them.

Install the New Certificates

On the 2210, login as admin and run the following command for each file: download -cert <server-ipaddress> <filename> confirm. This did it for me:

download -cert  192.168.7.66 motroot.der confirm
download -cert  192.168.7.66 motsubca.der confirm
download -cert  192.168.7.66 attroot2031.der confirm
download -cert  192.168.7.66 attsubca2021.der confirm
reboot

After rebooting, the modem connected right away to the AT&T network and authenticated without an issue. It also downloaded the latest firmware file and updated itself. $14 well spent!

Successfully connected on older firmware using updated certificates

2 thoughts on “Installing Certificates on Motorola 2210-02

  1. Pingback: Motorola 2210-02-1ATT 7.8.7r27 Firmware | Random EE

Leave a Reply to neo Cancel reply

Your email address will not be published. Required fields are marked *