NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Utlover
Feb 15, 2008Aspirant
Any way to get rid of certificate error using Netgear/Jalbum
I followed the instructions from the How to section to setup my ReadyNas Nv+ to act as a webserver and it works flawlessly. So far, so good. The only problem I have is the certificate error which I ca...
CharlesLaCour
Dec 26, 2008Aspirant
The "Issued to" and "Issued by" will be the same, it is what is known as a self signed certificate, an x509 certificate to be more precise. If you were to have a certificate that was signed by Verisign, Thawte or any other certificate authority, CA, you would see the "Issued by" list the name of the CA that signed your certificate.
I don't see a way to generate a new cert form Fronview so the only way to fix this would be ssh into the box with elevated privileges.
If any of the info below is not familiar to you I would suggest that you don't try doing any of this.
Here is a link to a description of the process foe getting a CA signed cert: Re: Can you install a trusted SSL certificate on the NAS?
If you generate a self signed certificate using a name instead of an IP address then as long as you use the name to refer to your ReadyNAS then you can import and trust that certificate and it will work regardless of the IP address associated with the ReadyNAS. The drawback is that the standard field for the name or IP address in a x509 certificate will only take a single value and if you use different names to access the ReadyNAS you will get the SSL error if you use a name that is not in the certificate.
There is a way around this, there is another field in an x509 certificate called "Subject Alternative Name" or SAN. You can generate a self signed certificate using the SAN field but it can cause it's own issues. All of the released versions of Sun Java throw an SSL Handshake error about a unsupported critical extension if there is a SAN defined and is flagged as required/critical.
Here is a URL to some info about setting the SAN in the openssl.conf file: Open SSL Subject Alternative Name
I don't see a way to generate a new cert form Fronview so the only way to fix this would be ssh into the box with elevated privileges.
If any of the info below is not familiar to you I would suggest that you don't try doing any of this.
Here is a link to a description of the process foe getting a CA signed cert: Re: Can you install a trusted SSL certificate on the NAS?
If you generate a self signed certificate using a name instead of an IP address then as long as you use the name to refer to your ReadyNAS then you can import and trust that certificate and it will work regardless of the IP address associated with the ReadyNAS. The drawback is that the standard field for the name or IP address in a x509 certificate will only take a single value and if you use different names to access the ReadyNAS you will get the SSL error if you use a name that is not in the certificate.
There is a way around this, there is another field in an x509 certificate called "Subject Alternative Name" or SAN. You can generate a self signed certificate using the SAN field but it can cause it's own issues. All of the released versions of Sun Java throw an SSL Handshake error about a unsupported critical extension if there is a SAN defined and is flagged as required/critical.
Here is a URL to some info about setting the SAN in the openssl.conf file: Open SSL Subject Alternative Name
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!