SSL Certificate

StephenB wrote:

geoldr wrote: Hi all I know the way to bypass the SSL security thing by importing the certificate manually, but I am wondering why we have to do this? My NETGEAR Router does not have this issue, just the ReadyNAS. Is this something that NETGEAR plans on fixing, or maybe creating a web based login or something so we don't get bother by the error in every browser on every machine in my house? You are not using https with your netgear router. If you were, it would have the same issue. The issue here is fundamental to what certificates certify. A certificate signed by a certificate authority (like verisign) certifies that the web site is in fact owned by the company that it claims to be. That is, the certificate for http://www.microsoft.com certifies that website you see when you enter "www.microsoft.com" actually belongs to microsoft, and isn't some fake site. The certificate installed by default on the NAS is called a "self-signed" certificate - it is not issued by a certificate authority, and in fact it cannot be. Netgear can't get a CA certificate for you, you need to get one yourself (proving that you own the domain name). Netgear doesn't even know what domain name you will use. The certificate error in the browser is because the browser has no way to verify a self-signed certificate. By analogy: I can claim to be Bill Gates (or perhaps myself). That is like a self-signed certificate. Some people might believe me just because I say so - but they would be fools if they let me board a plane (or purchase the plane) without a proper ID. The CA certificate is that proper ID. You have to manually install the self-signed cert into the root store to tell the browser (actually in most cases the computer operating system) that you want to trust the cert without proof. Or click-through the error (which is what I do). Either way, you still get an encrypted https connection. If you do own a domain name with a CA certificate, you can of course install that certficate onto the NAS. But it needs to be a true domain name (not a DDNS name).

Hi StephenB, thank you for the explanation of SSL. Unfortunately, I am familiar with what it is and how it works, but that was not my question. I should have been more clear with my question - is there a way to disable HTTPS and SSL verification? My NAS is behind a NAT and is in no way accessible from the outside world. There are only two users on my network, and I believe that password protection is plenty sufficient.

My NETGEAR router on the other hand (by default at least) was accessible from the outside, and it does not even use HTTPS!

I would love to be able to just disable it and forget about it. Unfortunately it looks like the HTTPS box is always on, and not something I can toggle. Is there something I can do within the OS to disable SSL ?