How in the world can one generate a security certificate with this Hunk of Junk!I have a Readynas NV+ 2V (ARM) and it does not have this Frontview that everyone says will generate the certificate. I am stuck with the Godforsaken Dashboard. Latest firmware RAIDiator 5.3.9When you set it up it takes a DHCP assigned IP address and it will want to cling to that IP address come hell or high water! I set the unit to my static IP address... and also in the HTTP and HTTPS section as well, press "Apply" and it's just as well I do something vulgar with my thumb... because I exit, go back, and the cert is still for the original DHCP assigned address again! I have searched, and searched, and searched and nowhere can I find the answer to what SHOULD be a very very simple fix.I have since reset the thing to factory defaults, and tried again, figuring the thing was corrupt. not a chance - I suffered out the numerous hours of re-syncing the drive, but alas... it did it again and while the IP address is a now a new DHCP assigned address, it's still not what I want - so I change it back to the static one I want, and again no way to generate a certificate with the correct IP address!!I am totally frustrated, and truly regretting buying Netgear!

Mr NAS_ARGH, What you are taking about is nothing to do with the NAS, and relates to your Browser.What is your browser and version?Have you tried Firefox or Chrome?Have you tried HTTP instead of HTTPs?Factory resetting, resyncing has nothing to do with certificates. Regards Marto

I have tried IE, Firefox, and ChromeIE10Firefox 25.0Chrome Version 30.0.1599.101 mBefore the factory reset, the certs were determined to be 192.168.1.13After the reset the certs were then insisting on being 192.168.1.16I cannot figure out for the life of me how to change, delete, or fix them. (I know resyncing is not going to do anything to fix the certificate problem, it is an unavoidable result of the reset, that's all...I only mentioned it because it took so long!) I did the factory reset because I could not find anyway to generate the proper credentials in the certificate.. so I figured the server was stuck/choked on this and hoped I could reset the darn thing. There is NO way to generate the cert in Dashboard like apparently there is in Frontview... at least that's what most responses to this problem seem to indicate)

You'll probably find your router is issuing the IP address. If you want it to stay the same, the router might have that capability (mine does). Alternatively, the Dashboard, System->Overview->Network->Ethernet Settings allows you to set a static IP address.Once you visit the Dashboard with Firefox/IE you can create an exception for the certificate error. I don't think the NV+ v2 has the ability to generate one.Or is there some other issue you are trying to solve?

I know the router assigned the first DHCP addresses... which is fine... I need that to log in to set up the NAS... but then I change it in the NAS to be static. (I.P.'s 192.168.1.1 to 192.168.1.10 are set in my router as static - IE they are not dished out via DHCP)that is not my issue... it's the certificate that the NAS is passing to the browser... it passes the certificate that says it is issued by the DHCP assigned IP address... and there appears to be no way to change that. I want, and have my NAS set to the IP address of 192.168.1.3I cannot get the NAS to pass the certificate stating that IP address as the issuer... it insists on passing the certificate stating the issuer is 192.168.1.16 (the DHCP assigned address)

aks wrote: I don't think the NV+ v2 has the ability to generate one.Yeah Tony - it appears there is no way to get the NV+ V2 to generate one. I guess I will have to live with the problem, it's just that it is so frustrating for something that SHOULD be so simple has been ignored by Netgear.

Generate a certificate????!!!!?!?!?

18 Replies

Replies have been turned off for this discussion

aks
Virtuoso
May 27, 2014
Hi Marto,

Not sure how this helps because the NAS unit here is NV+ v2 (running 5.x firmware, not OS6).

The problem is the NV+v2 does not have the ability to generate a certificate at all as far as I know, whereas the Duo/NV+ v1 does have this capability.
StephenB
Guru - Experienced User
May 28, 2014
If you can connect with https then the v2 is creating a self-signed certificate. It might not let you re-create it easily, but it is creating one. The v1 certificate is also self-signed of course. The implication of "self-signed" is that the certificate provides encryption, but it is not useful for authentication.

Did you try the two procedures?

If you access the NAS two ways (say by its IP address and over the internet using ddns) you will need to install the certificate twice.

Note if you use FireFox you can just store the security exception, which is easier.
aks
Virtuoso
May 28, 2014
Yes I have the exception added to my Firefox, so that's good.

StephenB wrote:
If you can connect with https then the v2 is creating a self-signed certificate. It might not let you re-create it easily, but it is creating one.

The NV+ v2 is certainly presenting a certificate, but with the default IP address of 192.168.168.168, but this leads me to believe it is not creating a certificate for the NAS configuration.

The v1 certificate is also self-signed of course. The implication of "self-signed" is that the certificate provides encryption, but it is not useful for authentication.

Understood.

I'm not suggesting that a self-generated certificate with specific IP address is effectively any different to the generic one, merely that it appears to be static, whereas with the Duo v1 it could be created.
xeltros
Apprentice
May 29, 2014
Certificates are kinda tricky to get by.
If you want to avoid the warning you need :
- to have a certificate that fits the IP/hostname of the NAS.
- to make sure that certificate has been approved by a certification authority
- to add the certificate authority to your trusted list
- to check certificate authority with another one

To generate a self signed certificate you can do this via SSH via openssl, there are plenty of tutorial on internet to do so. If you want your certificate to be accepted without question, use a certificate from verysign or thawte but that's not cheap. If you want all your home certificate to be accepted you could set an certificate authority, but that's quite a hassle just to avoid checking "always accept" the certificate in safari or firefox...
StephenB
Guru - Experienced User
May 29, 2014
I think aks is just wanting a control which regenerates the self-signed cert to matches its current IP address.

It's not something I care about myself (I haven't bothered to regenerate the certs on any of my NAS, and they are all mismatched with their reserved IP addresses). Since I access the NAS both over the internet and locally, the IP mismatch warning in the browser is going to happen sometimes anyway.

As far as creating the exception - "always accept" is easy to do in FireFox, but it's not so simple with IE or Chrome. Marto73 posted the procedure for them a few couple of posts up, and is looking for feedback. Though the articles include a little OS6 stuff, most of the material is on the mechanics of getting IE/Chrome to trust the NAS self-signed cert. That applies to any ReadyNAS.
xeltros
Apprentice
May 29, 2014
You could setup two web servers with two certificates, but as said before that's an unnecessary hassle.
I personally use safari for mac which has the same option.
aks
Virtuoso
May 31, 2014
Yes I just add permanent exception in Firefox, some folks use Chrome which is a bit more of a hassle to set up. I saw the instructions by Marto73 they look quite involved, and I appreciate that is down to the browser.

My real question is does it make a jot of difference have a self-signed certificate that matches the IP address of the NAS, rather than a random IP address? It seem not.
xeltros
Apprentice
May 31, 2014
A certificate is either valid or invalid. So no if it´s not perfect there is no difference.

As for the browser, that´s a shame chrome doesn´t have such a basic function but that´s up to google to implement that.

Forum Discussion

Generate a certificate????!!!!?!?!?

18 Replies

Related Content

Chrome Certificate

Routerlogin.net certificate “not trusted”

Generic streaming device

we could not verify the certificate: reason = untrusted

R9000/VPN renouvellement certificat privé/public

NETGEAR Academy

ProSupport for Business