NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

geoldr's avatar
geoldr
Tutor
Apr 10, 2015

SSL Certificate

Hi all I know the way to bypass the SSL security thing by importing the certificate manually, but I am wondering why we have to do this? My NETGEAR Router does not have this issue, just the ReadyNA...
Other Discussions
Questions
StephenB's avatar
StephenB
Guru - Experienced User
Apr 10, 2015
geoldr wrote:
Hi all

I know the way to bypass the SSL security thing by importing the certificate manually, but I am wondering why we have to do this? My NETGEAR Router does not have this issue, just the ReadyNAS.

Is this something that NETGEAR plans on fixing, or maybe creating a web based login or something so we don't get bother by the error in every browser on every machine in my house?
You are not using https with your netgear router. If you were, it would have the same issue.

The issue here is fundamental to what certificates certify. A certificate signed by a certificate authority (like verisign) certifies that the web site is in fact owned by the company that it claims to be. That is, the certificate for http://www.microsoft.com certifies that website you see when you enter "www.microsoft.com" actually belongs to microsoft, and isn't some fake site.

The certificate installed by default on the NAS is called a "self-signed" certificate - it is not issued by a certificate authority, and in fact it cannot be. Netgear can't get a CA certificate for you, you need to get one yourself (proving that you own the domain name). Netgear doesn't even know what domain name you will use.

The certificate error in the browser is because the browser has no way to verify a self-signed certificate. By analogy: I can claim to be Bill Gates (or perhaps myself). That is like a self-signed certificate. Some people might believe me just because I say so - but they would be fools if they let me board a plane (or purchase the plane) without a proper ID. The CA certificate is that proper ID.

You have to manually install the self-signed cert into the root store to tell the browser (actually in most cases the computer operating system) that you want to trust the cert without proof. Or click-through the error (which is what I do). Either way, you still get an encrypted https connection.

If you do own a domain name with a CA certificate, you can of course install that certficate onto the NAS. But it needs to be a true domain name (not a DDNS name).

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More