NAS326 SSL CA.cert ?
Janikovo
Posts: 24 
Freshman Member
Freshman Member
Hello,
I want to enable only https connections to my NAS326
What is troubling me is this:
What is that CA. file ?....Because when I download it....there is a strange message
Is that file safe ?
And it is the same cert file for all NAS326 users ?
Who is certificate authority (company or organization) ? Trusted authority ?
And If I will do it....will be provided trusted services like Authentication, Encryption, for secure communication over insecure networks such as the Internet.
Should I ever import it into browser ?
Thanks
#NAS_June_2020
I want to enable only https connections to my NAS326
What is troubling me is this:
What is that CA. file ?....Because when I download it....there is a strange message
Is that file safe ?
And it is the same cert file for all NAS326 users ?
Who is certificate authority (company or organization) ? Trusted authority ?
And If I will do it....will be provided trusted services like Authentication, Encryption, for secure communication over insecure networks such as the Internet.
Thanks
#NAS_June_2020
0
All Replies
-
What do you know about https?One of the features is authentication. To prohibit a man-in-the-middle attack, a part of the encryption handshake also proves the server is who he claims to be. That is done by a certificate owned by the server, which is signed by a trusted authority.Your OS or your browser has a set of (public) certificates of trusted authorities, and somehow it's possible to cryptographic guarantee that the certicificate used by the server is signed by the private counterpart of the public certificates known by your browser.Now your NAS. It is also a webserver, but it cannot have a signed certificate, as it's hostname is not known by a CA. The url is https://nas326 or something like that, and no CA will sign a certificate for that, as it's not unique.To cope with that, the NAS signs it's own certificate, and offers you the CA file as download, so you can tell your browser you trust that specific certificate. If you don't, your browser will yell that the server is untrusted, and maybe even deny to connect.The reason that the browser warns for that file is that in can be dangerous to install a certificate from an unknown source. Imagine you connect to a public wifi network, and it asks you to install a certificate. That would be dangerous, as it opens a way to man-in-the-middle attacks. So when you have to install a certificate file, think about where it comes from, and why you would need it. In this case both questions are clear, and so you can install the file.0
-
Thanks for answer,
I did all what was described in manual, but my NAS326, imported CA.cert into browser and system and still got this error message:
Your connection is not private
Attackers might be trying to steal your information from NAS326 (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
It seems it is not working according to manual.
Any advice please ?
1 -
Does 'learn more' tell you something about the reason why it's invalid?
0 -
No, will try later,
I am able to connect but with
0 -
Hi @Mijzelf
nothing what will help:
1. Step Sign in to the NAS without https - done it works.
2. Step 2: Open the page in Incognito mode - done as suggested and test ("should not open") - done successfully.
3. Step 3: Update your operating system - done.
4. Step 4: Temporarily turn off your antivirus - done, no success, again chrome says "Your connection is not private"
Step 5: Get extra help - This is why I am asking here :-)
And "Advanced info" button says this:
1 -
I have the exact same problem.
0 -
First of all thankyou for your post. After going through several hours of trouble shooting, trying various methods etc etc.... I would suggest the following:1. If possible, use firefox browser. Only because you can get some of the best information about the certificate. Google Chrome is also fine, if you are familiar with certificate management in chrome2. Next, read the below article from Zyxel support --> https://support.zyxel.eu/hc/en-us/articles/360011611160-How-to-regenerate-original-self-signed-certificates-on-NAS-series-storageThe above 2 steps ensures that, you can now connect to your NAS over the internet via https connectionIf you have the time, you can then decide to go ahead and play around the additional steps to get rid of the exception that you have to allow in the browser.3. Do this step from Zyxel Support --> https://support.zyxel.eu/hc/en-us/articles/360011585960-How-to-import-Let-s-Encrypt-certificate-on-NAS-series-storage#1Good luck!
0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
