NAS326 SSL CA.cert ?

Janikovo
Janikovo Posts: 24  Freshman Member
edited June 2020 in Personal Cloud Storage
Hello,

I want to enable only https connections to my NAS326

What is troubling me is this:



What is that CA. file ?....Because when I download it....there is a strange message



Is that file safe ?
And it is the same cert file for all NAS326 users ?

Who is certificate authority (company or organization) ? Trusted authority ?

And If I will do it....will be provided trusted services like Authentication, Encryption, for secure communication over insecure networks such as the Internet.

Should I ever import it into browser ?

Thanks

#NAS_June_2020

All Replies

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    What do you know about https?

    One of the features is authentication. To prohibit a man-in-the-middle attack, a part of the encryption handshake also proves the server is who he claims to be. That is done by a certificate owned by the server, which is signed by a trusted authority.
    Your OS or your browser has a set of (public) certificates of trusted authorities, and somehow it's possible to cryptographic guarantee that the certicificate used by the server is signed by the private counterpart of the public certificates known by your browser.

    Now your NAS. It is also a webserver, but it cannot have a signed certificate, as it's hostname is not known by a CA. The url is https://nas326 or something like that, and no CA will sign a certificate for that, as it's not unique.
    To cope with that, the NAS signs it's own certificate, and offers you the CA file as download, so you can tell your browser you trust that specific certificate. If you don't, your browser will yell that the server is untrusted, and maybe even deny to connect.

    The reason that the browser warns for that file is that in can be dangerous to install a certificate from an unknown source. Imagine you connect to a public wifi network, and it asks you to install a certificate. That would be dangerous, as it opens a way to man-in-the-middle attacks. So when you have to install a certificate file, think about where it comes from, and why you would need it. In this case both questions are clear, and so you can install the file.
  • Janikovo
    Janikovo Posts: 24  Freshman Member
    @Mijzelf

    Thank you for explanation.


  • Janikovo
    Janikovo Posts: 24  Freshman Member
    Thanks for answer,

    I did all what was described in manual, but my NAS326, imported CA.cert into browser and system and still got this error message:


    Your connection is not private

    Attackers might be trying to steal your information from NAS326 (for example, passwords, messages, or credit cards). Learn more

    NET::ERR_CERT_AUTHORITY_INVALID

    It seems it is not working according to manual.

    Any advice please ?

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Does 'learn more' tell you something about the reason why it's invalid?
  • Janikovo
    Janikovo Posts: 24  Freshman Member
    No, will try later,

    I am able to connect but with


  • Janikovo
    Janikovo Posts: 24  Freshman Member
    edited July 2020
    Hi @Mijzelf

    nothing what will help:

    1. Step Sign in to the NAS without https - done it works.
    2. Step 2: Open the page in Incognito mode - done as suggested and test ("should not open") - done successfully.
    3. Step 3: Update your operating system - done.
    4. Step 4: Temporarily turn off your antivirus - done, no success, again chrome says "Your connection is not private"
    Step 5: Get extra help - This is why I am asking here :-)

    And "Advanced info" button says this:



  • fxodyssey
    fxodyssey Posts: 2  Freshman Member
    Third Anniversary
    I have the exact same problem.
  • fxodyssey
    fxodyssey Posts: 2  Freshman Member
    Third Anniversary

    First of all thankyou for your post. After going through several hours of trouble shooting, trying various methods etc etc.... I would suggest the following:

    1. If possible, use firefox browser. Only because you can get some of the best information about the certificate. Google Chrome is also fine, if you are familiar with certificate management in chrome

    The above 2 steps ensures that, you can now connect to your NAS over the internet via https connection

    If you have the time, you can then decide to go ahead and play around the additional steps to get rid of the exception that you have to allow in the browser.


    Good luck!


Consumer Product Help Center