Wrong SSL certificate

Discussion on setting up QNAP NAS products.
User avatar
Stefano
Getting the hang of things
Posts: 56
Joined: Mon Sep 10, 2007 10:29 pm

Wrong SSL certificate

Post by Stefano »

Hello!

When I want to connect to the Administration web interface via SSL/https, my browser shows a warning message. It says, the certificate is wrong.
I can solve one of the two warnings by manually trusting the issuer, but I cannot remove the second warning: The name is invalid or doesn't match.
Can I download a valid certificate somewhere or how can I remove the warning?

Cheers,
Stefano
User avatar
QNAPIvan
Experience counts
Posts: 1020
Joined: Mon Jul 02, 2007 4:03 pm

Post by QNAPIvan »

Dear Stefano
The issue should be fixed in the latest firmware of TS-109 & TS-209 series already.

Best regards,
________________________________________
Product Marketing Director
USA Online Support: http://www.qnap.com/i/useng/before_buy/ ... wone&cid=2
Support email: q_supportus@qnap.com
USA Technical Support: +1 909 595 2782
User avatar
Stefano
Getting the hang of things
Posts: 56
Joined: Mon Sep 10, 2007 10:29 pm

Post by Stefano »

I think, it is not.
I suppose, it's the root certificate, which doesn't exist in the path.
Last edited by Stefano on Tue Nov 06, 2007 8:20 pm, edited 1 time in total.
mrgarfin
Starting out
Posts: 12
Joined: Wed Sep 12, 2007 2:42 am

Post by mrgarfin »

I think I have the same problem (with the new FW -- 1.1.1 0831T). Using IE 7, I get an error message that "The security certificate presented by this website was issued for a different website's address ...." A similar problem appears when using Mozilla Foxfire 2. The address given by the certificate is TS 109 (or something like that), but the address it is looking for is the IP address of my NAS.

Michelle
User avatar
QNAPIvan
Experience counts
Posts: 1020
Joined: Mon Jul 02, 2007 4:03 pm

Post by QNAPIvan »

Sorry for confusing.
The v.1.1.1 0831 build solved issue of expiration of the certificate.
Currently there will still be warning message pop up by browser because the certificate is not signed by 3rd party institue (ex: Verisign).
Currently we are considering to submit it.

Sorry for the inconvenience.

Cheers.
________________________________________
Product Marketing Director
USA Online Support: http://www.qnap.com/i/useng/before_buy/ ... wone&cid=2
Support email: q_supportus@qnap.com
USA Technical Support: +1 909 595 2782
Rick1486
Getting the hang of things
Posts: 50
Joined: Thu Sep 20, 2007 3:39 am

Post by Rick1486 »

I've got the same problem with the certificate using f/w version 1.1.1 0831 so I hope you do get it fixed soon.

Cheers
Rick
User avatar
Stefano
Getting the hang of things
Posts: 56
Joined: Mon Sep 10, 2007 10:29 pm

Post by Stefano »

It's not fixed in TS-109 Beta-Firmware 1.1.2 0928. :(
User avatar
AndyChuo
Experience counts
Posts: 2388
Joined: Thu Sep 13, 2007 11:56 am
Location: Taipei, Taiwan

Post by AndyChuo »

Hi Guys,

TS-109 Beta-Firmware 1.1.2 0928 was released to fix some critical issues as stated in the changed log. However we already have this issued looked after and expect the fix in our next official release. Sorry for the inconvenience.

Andy
=============================================================>>>
TS-659-Pro [RAID6] rtorrent+SABnzbdplus+SickBeard+Couchpotato [Best PVR] Plex+PMS [Ultimate Streamer]
Apple iPad [Best Tablet] HTC One M8 [Mobile Phone] Samsung UA46ES6100 [My Screen] KRK Rokit 6 [Audio Speakers]
Chrome Cast [Screen Casting] Philips Hue [Personal Lighing]
Buffalo WZR-1750DHP [My Wifi Hub] D-Link DGS-1005D [Gbit Network]
=============================================================>>>
kluris
Getting the hang of things
Posts: 57
Joined: Mon Oct 08, 2007 6:48 pm

Post by kluris »

Still not solved with the latest firmware 1.1.3, 1101T!!!

Will you include it in the next one?

:D kluris
TS-209
2 Samsung HD501LJ in RAID1
Windows Vista
3.3.0 (0924T)
timsig
New here
Posts: 2
Joined: Sun Jan 06, 2008 4:52 am

Post by timsig »

still not fixed with 1.1.4 !!! Which version will fix this problem ?
eskdale
Starting out
Posts: 16
Joined: Tue Jan 08, 2008 2:15 am

Re: Wrong SSL certificate

Post by eskdale »

If I purchase an SSL certificate (say from "verisign" or a cheaper version from "go-daddy") for my NAS TS-209 is it possible for me to install it or is the certificate built into the firmware?

Thanks

Jon
eskdale
Starting out
Posts: 16
Joined: Tue Jan 08, 2008 2:15 am

Re: Wrong SSL certificate

Post by eskdale »

Hi,

Is there anyone that can help me with this

Thanks

Jon
happyguy
Getting the hang of things
Posts: 71
Joined: Wed Jan 16, 2008 12:18 am
Location: United States

Re: Wrong SSL certificate

Post by happyguy »

I'd be interested in this too..we have our own signed certificate & wouldn't mind using ours instead of QNAP's (since QNAP's certificate isn't even signed).
User avatar
AndyChuo
Experience counts
Posts: 2388
Joined: Thu Sep 13, 2007 11:56 am
Location: Taipei, Taiwan

Re: Wrong SSL certificate

Post by AndyChuo »

Hi Guys,

Yes, if you are going to purchase one and wanting to find out how to install it to the NAS, here's the howto:

1. copy the certificate file to the Public share on your NAS via samba or FTP
and rename it to stunnel.pem then log in to the NAS via SSH.

(for single disk)

Code: Select all

# mkdir -p /share/HDA_DATA/sslcert
# cp /share/Public/stunnel.pem /share/HDA_DATA/sslcert
(for 2 disks running RAID)

Code: Select all

# mkdir -p /share/MD0_DATA/sslcert
# cp /share/Public/stunnel.pem /share/MD0_DATA/sslcert
2. mount the flash drive to edit autorun.sh

Code: Select all

# mount -t ext2 /dev/mtdblock5 /tmp
3. edit the autorun.sh to add the following lines to it

Code: Select all

# vi /tmp/autorun.sh

(for single disk)
cp -af /share/HDA_DATA/sslcert/stunnel.pem /etc/stunnel

(for 2 disks running RAID)
cp -af /share/MD0_DATA/sslcert/stunnel.pem /etc/stunnel
Then save and escape out vi

Code: Select all

ESC 
:wq 
ENTER

Code: Select all

# chmod +x /tmp/autorun.sh

# cd /

# umount /tmp

# reboot
Upon the reboot system will install it over the default certificate.

Andy
=============================================================>>>
TS-659-Pro [RAID6] rtorrent+SABnzbdplus+SickBeard+Couchpotato [Best PVR] Plex+PMS [Ultimate Streamer]
Apple iPad [Best Tablet] HTC One M8 [Mobile Phone] Samsung UA46ES6100 [My Screen] KRK Rokit 6 [Audio Speakers]
Chrome Cast [Screen Casting] Philips Hue [Personal Lighing]
Buffalo WZR-1750DHP [My Wifi Hub] D-Link DGS-1005D [Gbit Network]
=============================================================>>>
silverfile
New here
Posts: 3
Joined: Fri Oct 10, 2008 10:11 pm

Re: Wrong SSL certificate

Post by silverfile »

Following QNAPAndy's instructions, I found that I had to restart the stunnel service after stunnel.pem is copied in autorun. You can do this by adding the following line to autorun.sh:

Code: Select all

/etc/init.d/stunnel.sh restart


also make sure your cert doesn't have a passphrase/key on it if you want it to start without any intervention.
Post Reply

Return to “Turbo Station Installation & Setup”