Wrong SSL certificate
- Stefano
- Getting the hang of things
- Posts: 56
- Joined: Mon Sep 10, 2007 10:29 pm
Wrong SSL certificate
Hello!
When I want to connect to the Administration web interface via SSL/https, my browser shows a warning message. It says, the certificate is wrong.
I can solve one of the two warnings by manually trusting the issuer, but I cannot remove the second warning: The name is invalid or doesn't match.
Can I download a valid certificate somewhere or how can I remove the warning?
Cheers,
Stefano
When I want to connect to the Administration web interface via SSL/https, my browser shows a warning message. It says, the certificate is wrong.
I can solve one of the two warnings by manually trusting the issuer, but I cannot remove the second warning: The name is invalid or doesn't match.
Can I download a valid certificate somewhere or how can I remove the warning?
Cheers,
Stefano
- QNAPIvan
- Experience counts
- Posts: 1020
- Joined: Mon Jul 02, 2007 4:03 pm
Dear Stefano
The issue should be fixed in the latest firmware of TS-109 & TS-209 series already.
Best regards,
The issue should be fixed in the latest firmware of TS-109 & TS-209 series already.
Best regards,
________________________________________
Product Marketing Director
USA Online Support: http://www.qnap.com/i/useng/before_buy/ ... wone&cid=2
Support email: q_supportus@qnap.com
USA Technical Support: +1 909 595 2782
Product Marketing Director
USA Online Support: http://www.qnap.com/i/useng/before_buy/ ... wone&cid=2
Support email: q_supportus@qnap.com
USA Technical Support: +1 909 595 2782
-
- Starting out
- Posts: 12
- Joined: Wed Sep 12, 2007 2:42 am
I think I have the same problem (with the new FW -- 1.1.1 0831T). Using IE 7, I get an error message that "The security certificate presented by this website was issued for a different website's address ...." A similar problem appears when using Mozilla Foxfire 2. The address given by the certificate is TS 109 (or something like that), but the address it is looking for is the IP address of my NAS.
Michelle
Michelle
- QNAPIvan
- Experience counts
- Posts: 1020
- Joined: Mon Jul 02, 2007 4:03 pm
Sorry for confusing.
The v.1.1.1 0831 build solved issue of expiration of the certificate.
Currently there will still be warning message pop up by browser because the certificate is not signed by 3rd party institue (ex: Verisign).
Currently we are considering to submit it.
Sorry for the inconvenience.
Cheers.
The v.1.1.1 0831 build solved issue of expiration of the certificate.
Currently there will still be warning message pop up by browser because the certificate is not signed by 3rd party institue (ex: Verisign).
Currently we are considering to submit it.
Sorry for the inconvenience.
Cheers.
________________________________________
Product Marketing Director
USA Online Support: http://www.qnap.com/i/useng/before_buy/ ... wone&cid=2
Support email: q_supportus@qnap.com
USA Technical Support: +1 909 595 2782
Product Marketing Director
USA Online Support: http://www.qnap.com/i/useng/before_buy/ ... wone&cid=2
Support email: q_supportus@qnap.com
USA Technical Support: +1 909 595 2782
- AndyChuo
- Experience counts
- Posts: 2388
- Joined: Thu Sep 13, 2007 11:56 am
- Location: Taipei, Taiwan
Hi Guys,
TS-109 Beta-Firmware 1.1.2 0928 was released to fix some critical issues as stated in the changed log. However we already have this issued looked after and expect the fix in our next official release. Sorry for the inconvenience.
Andy
TS-109 Beta-Firmware 1.1.2 0928 was released to fix some critical issues as stated in the changed log. However we already have this issued looked after and expect the fix in our next official release. Sorry for the inconvenience.
Andy
=============================================================>>>
TS-659-Pro [RAID6] rtorrent+SABnzbdplus+SickBeard+Couchpotato [Best PVR] Plex+PMS [Ultimate Streamer]
Apple iPad [Best Tablet] HTC One M8 [Mobile Phone] Samsung UA46ES6100 [My Screen] KRK Rokit 6 [Audio Speakers]
Chrome Cast [Screen Casting] Philips Hue [Personal Lighing]
Buffalo WZR-1750DHP [My Wifi Hub] D-Link DGS-1005D [Gbit Network]
=============================================================>>>
TS-659-Pro [RAID6] rtorrent+SABnzbdplus+SickBeard+Couchpotato [Best PVR] Plex+PMS [Ultimate Streamer]
Apple iPad [Best Tablet] HTC One M8 [Mobile Phone] Samsung UA46ES6100 [My Screen] KRK Rokit 6 [Audio Speakers]
Chrome Cast [Screen Casting] Philips Hue [Personal Lighing]
Buffalo WZR-1750DHP [My Wifi Hub] D-Link DGS-1005D [Gbit Network]
=============================================================>>>
-
- Starting out
- Posts: 16
- Joined: Tue Jan 08, 2008 2:15 am
Re: Wrong SSL certificate
If I purchase an SSL certificate (say from "verisign" or a cheaper version from "go-daddy") for my NAS TS-209 is it possible for me to install it or is the certificate built into the firmware?
Thanks
Jon
Thanks
Jon
-
- Starting out
- Posts: 16
- Joined: Tue Jan 08, 2008 2:15 am
Re: Wrong SSL certificate
Hi,
Is there anyone that can help me with this
Thanks
Jon
Is there anyone that can help me with this
Thanks
Jon
-
- Getting the hang of things
- Posts: 71
- Joined: Wed Jan 16, 2008 12:18 am
- Location: United States
Re: Wrong SSL certificate
I'd be interested in this too..we have our own signed certificate & wouldn't mind using ours instead of QNAP's (since QNAP's certificate isn't even signed).
- AndyChuo
- Experience counts
- Posts: 2388
- Joined: Thu Sep 13, 2007 11:56 am
- Location: Taipei, Taiwan
Re: Wrong SSL certificate
Hi Guys,
Yes, if you are going to purchase one and wanting to find out how to install it to the NAS, here's the howto:
1. copy the certificate file to the Public share on your NAS via samba or FTP
and rename it to stunnel.pem then log in to the NAS via SSH.
(for single disk)
(for 2 disks running RAID)
2. mount the flash drive to edit autorun.sh
3. edit the autorun.sh to add the following lines to it
Then save and escape out vi
Upon the reboot system will install it over the default certificate.
Andy
Yes, if you are going to purchase one and wanting to find out how to install it to the NAS, here's the howto:
1. copy the certificate file to the Public share on your NAS via samba or FTP
and rename it to stunnel.pem then log in to the NAS via SSH.
(for single disk)
Code: Select all
# mkdir -p /share/HDA_DATA/sslcert
# cp /share/Public/stunnel.pem /share/HDA_DATA/sslcert
Code: Select all
# mkdir -p /share/MD0_DATA/sslcert
# cp /share/Public/stunnel.pem /share/MD0_DATA/sslcert
Code: Select all
# mount -t ext2 /dev/mtdblock5 /tmp
Code: Select all
# vi /tmp/autorun.sh
(for single disk)
cp -af /share/HDA_DATA/sslcert/stunnel.pem /etc/stunnel
(for 2 disks running RAID)
cp -af /share/MD0_DATA/sslcert/stunnel.pem /etc/stunnel
Code: Select all
ESC
:wq
ENTER
Code: Select all
# chmod +x /tmp/autorun.sh
# cd /
# umount /tmp
# reboot
Andy
=============================================================>>>
TS-659-Pro [RAID6] rtorrent+SABnzbdplus+SickBeard+Couchpotato [Best PVR] Plex+PMS [Ultimate Streamer]
Apple iPad [Best Tablet] HTC One M8 [Mobile Phone] Samsung UA46ES6100 [My Screen] KRK Rokit 6 [Audio Speakers]
Chrome Cast [Screen Casting] Philips Hue [Personal Lighing]
Buffalo WZR-1750DHP [My Wifi Hub] D-Link DGS-1005D [Gbit Network]
=============================================================>>>
TS-659-Pro [RAID6] rtorrent+SABnzbdplus+SickBeard+Couchpotato [Best PVR] Plex+PMS [Ultimate Streamer]
Apple iPad [Best Tablet] HTC One M8 [Mobile Phone] Samsung UA46ES6100 [My Screen] KRK Rokit 6 [Audio Speakers]
Chrome Cast [Screen Casting] Philips Hue [Personal Lighing]
Buffalo WZR-1750DHP [My Wifi Hub] D-Link DGS-1005D [Gbit Network]
=============================================================>>>
-
- New here
- Posts: 3
- Joined: Fri Oct 10, 2008 10:11 pm
Re: Wrong SSL certificate
Following QNAPAndy's instructions, I found that I had to restart the stunnel service after stunnel.pem is copied in autorun. You can do this by adding the following line to autorun.sh:
also make sure your cert doesn't have a passphrase/key on it if you want it to start without any intervention.
Code: Select all
/etc/init.d/stunnel.sh restart
also make sure your cert doesn't have a passphrase/key on it if you want it to start without any intervention.