« Back to all recent discussions

NAS326 SSL CA.cert ?

JanikovoJanikovo Posts: 24  Junior Member
edited June 29 in Questions
Hello,

I want to enable only https connections to my NAS326

What is troubling me is this:



What is that CA. file ?....Because when I download it....there is a strange message



Is that file safe ?
And it is the same cert file for all NAS326 users ?

Who is certificate authority (company or organization) ? Trusted authority ?

And If I will do it....will be provided trusted services like Authentication, Encryption, for secure communication over insecure networks such as the Internet.

Should I ever import it into browser ?

Thanks

#NAS_June_2020

Answers

  • MijzelfMijzelf Posts: 1,205  Heroic Warrior Member
    What do you know about https?

    One of the features is authentication. To prohibit a man-in-the-middle attack, a part of the encryption handshake also proves the server is who he claims to be. That is done by a certificate owned by the server, which is signed by a trusted authority.
    Your OS or your browser has a set of (public) certificates of trusted authorities, and somehow it's possible to cryptographic guarantee that the certicificate used by the server is signed by the private counterpart of the public certificates known by your browser.

    Now your NAS. It is also a webserver, but it cannot have a signed certificate, as it's hostname is not known by a CA. The url is https://nas326 or something like that, and no CA will sign a certificate for that, as it's not unique.
    To cope with that, the NAS signs it's own certificate, and offers you the CA file as download, so you can tell your browser you trust that specific certificate. If you don't, your browser will yell that the server is untrusted, and maybe even deny to connect.

    The reason that the browser warns for that file is that in can be dangerous to install a certificate from an unknown source. Imagine you connect to a public wifi network, and it asks you to install a certificate. That would be dangerous, as it opens a way to man-in-the-middle attacks. So when you have to install a certificate file, think about where it comes from, and why you would need it. In this case both questions are clear, and so you can install the file.
  • JanikovoJanikovo Posts: 24  Junior Member
    @Mijzelf

    Thank you for explanation.


  • JanikovoJanikovo Posts: 24  Junior Member
    Thanks for answer,

    I did all what was described in manual, but my NAS326, imported CA.cert into browser and system and still got this error message:


    Your connection is not private

    Attackers might be trying to steal your information from NAS326 (for example, passwords, messages, or credit cards). Learn more

    NET::ERR_CERT_AUTHORITY_INVALID

    It seems it is not working according to manual.

    Any advice please ?

  • MijzelfMijzelf Posts: 1,205  Heroic Warrior Member
    Does 'learn more' tell you something about the reason why it's invalid?
  • JanikovoJanikovo Posts: 24  Junior Member
    No, will try later,

    I am able to connect but with


  • JanikovoJanikovo Posts: 24  Junior Member
    edited July 5
    Hi @Mijzelf

    nothing what will help:

    1. Step Sign in to the NAS without https - done it works.
    2. Step 2: Open the page in Incognito mode - done as suggested and test ("should not open") - done successfully.
    3. Step 3: Update your operating system - done.
    4. Step 4: Temporarily turn off your antivirus - done, no success, again chrome says "Your connection is not private"
    Step 5: Get extra help - This is why I am asking here :-)

    And "Advanced info" button says this:



Sign In or Register to comment.