Reply

Generate a certificate????!!!!?!?!?

NAS_ARGH
Aspirant

Generate a certificate????!!!!?!?!?

How in the world can one generate a security certificate with this Hunk of Junk!

I have a Readynas NV+ 2V (ARM) and it does not have this Frontview that everyone says will generate the certificate. I am stuck with the Godforsaken Dashboard. Latest firmware RAIDiator 5.3.9

When you set it up it takes a DHCP assigned IP address and it will want to cling to that IP address come hell or high water! I set the unit to my static IP address... and also in the HTTP and HTTPS section as well, press "Apply" and it's just as well I do something vulgar with my thumb... because I exit, go back, and the cert is still for the original DHCP assigned address again! I have searched, and searched, and searched and nowhere can I find the answer to what SHOULD be a very very simple fix.

I have since reset the thing to factory defaults, and tried again, figuring the thing was corrupt. not a chance - I suffered out the numerous hours of re-syncing the drive, but alas... it did it again and while the IP address is a now a new DHCP assigned address, it's still not what I want - so I change it back to the static one I want, and again no way to generate a certificate with the correct IP address!!

I am totally frustrated, and truly regretting buying Netgear!
Message 1 of 19
Marto731
Aspirant

certificate & NAS

Mr NAS_ARGH,
What you are taking about is nothing to do with the NAS, and relates to your Browser.

What is your browser and version?
Have you tried Firefox or Chrome?
Have you tried HTTP instead of HTTPs?

Factory resetting, resyncing has nothing to do with certificates.

Regards Marto
NETGEAR ReadyNAS Former Employee-- Tech Support & Documentation
Contact Information: http://support.netgear.com/general/contact/default.aspx
Message 2 of 19
NAS_ARGH
Aspirant

Re: Generate a certificate????!!!!?!?!?

I have tried IE, Firefox, and Chrome

IE10
Firefox 25.0
Chrome Version 30.0.1599.101 m

Before the factory reset, the certs were determined to be 192.168.1.13
After the reset the certs were then insisting on being 192.168.1.16

I cannot figure out for the life of me how to change, delete, or fix them. (I know resyncing is not going to do anything to fix the certificate problem, it is an unavoidable result of the reset, that's all...I only mentioned it because it took so long!) I did the factory reset because I could not find anyway to generate the proper credentials in the certificate.. so I figured the server was stuck/choked on this and hoped I could reset the darn thing. There is NO way to generate the cert in Dashboard like apparently there is in Frontview... at least that's what most responses to this problem seem to indicate)
Message 3 of 19
aks
Virtuoso
Virtuoso

Re: Generate a certificate????!!!!?!?!?

You'll probably find your router is issuing the IP address. If you want it to stay the same, the router might have that capability (mine does). Alternatively, the Dashboard, System->Overview->Network->Ethernet Settings allows you to set a static IP address.

Once you visit the Dashboard with Firefox/IE you can create an exception for the certificate error. I don't think the NV+ v2 has the ability to generate one.

Or is there some other issue you are trying to solve?
-- Tony
Message 4 of 19
NAS_ARGH
Aspirant

Re: Generate a certificate????!!!!?!?!?

I know the router assigned the first DHCP addresses... which is fine... I need that to log in to set up the NAS... but then I change it in the NAS to be static. (I.P.'s 192.168.1.1 to 192.168.1.10 are set in my router as static - IE they are not dished out via DHCP)

that is not my issue... it's the certificate that the NAS is passing to the browser... it passes the certificate that says it is issued by the DHCP assigned IP address... and there appears to be no way to change that.

I want, and have my NAS set to the IP address of 192.168.1.3
I cannot get the NAS to pass the certificate stating that IP address as the issuer... it insists on passing the certificate stating the issuer is 192.168.1.16 (the DHCP assigned address)
Message 5 of 19
NAS_ARGH
Aspirant

Re: Generate a certificate????!!!!?!?!?

aks wrote:
I don't think the NV+ v2 has the ability to generate one.


Yeah Tony - it appears there is no way to get the NV+ V2 to generate one. I guess I will have to live with the problem, it's just that it is so frustrating for something that SHOULD be so simple has been ignored by Netgear.
Message 6 of 19
Marto731
Aspirant

Generate a certificate?

To NAS_ARGH
Two points:
Can you clear Cache on your browser.
You should be able to delete previous Certificates.

For example, Firefox, >> Tools> Options> Advanced> Certificates.
For IE> Tools> Internet Options> Content > Certificates.

Rgds Marto
NETGEAR ReadyNAS Former Employee-- Tech Support & Documentation
Contact Information: http://support.netgear.com/general/contact/default.aspx
Message 7 of 19
NAS_ARGH
Aspirant

Re: Generate a certificate????!!!!?!?!?

I am not a certificate guru but...

I did delete it/clear it... when you go to the IP address of the NAS (192.168.1.3) it will come back to you and say "The security certificate presented by this website was issued for a different website's address"

when you click on the "Continue to this website (not recommended). " option... it will then load the Readynas dashboard. In the address bar, it will be all red. When you click on the certificate error, it will give you the option to "view the certificate"

When you view the certificate, it will say it is issued to 192.168.1.16 and issued by 192.168.1.16 and give me the option then to install the certificate.

I would like to install a certificate however I would like to be able to install the certificate based on 192.168.1.3
Message 8 of 19
StephenB
Guru

Re: Generate a certificate????!!!!?!?!?

Note that even if you do regenerate it, you are still going to get a security exception with a self-signed certificate. Personally I just use FireFox and store a permanent exception.
Message 9 of 19
mellowmark
Aspirant

Re: Generate a certificate????!!!!?!?!?

Hi Guys
I am new to this one has anyone gotten anywhere with this issue.
I have the same situation.
Five lines of code will most likely fix it, if these NetGear guys get enough tickets on it they might do something about it.
I have a ticket going at there support site now.
I want it fixed also.
If we can not get a certificate for a local connection how can we go online also.
Come on Netgear put out a patch.
Message 10 of 19
Marto731
Aspirant

2 certificate articles

Mark,
It would not be possible for Netgear to be continually patching as browser versions from different providers change.
It would be a continual catch up process to keep up with the latest.

The attached links are articles on the knowledge base.

Installing a Certificate on IE for OS6 ReadyNAS
http://kb.netgear.com/app/answers/detail/a_id/7002

Installing a Certificate on Google Chrome for OS6 ReadyNAS
http://kb.netgear.com/app/answers/detail/a_id/7003

I will accept constructive comments for either.
Thanks, Marto
NETGEAR ReadyNAS Former Employee-- Tech Support & Documentation
Contact Information: http://support.netgear.com/general/contact/default.aspx
Message 11 of 19
aks
Virtuoso
Virtuoso

Re: Generate a certificate????!!!!?!?!?

Hi Marto,

Not sure how this helps because the NAS unit here is NV+ v2 (running 5.x firmware, not OS6).

The problem is the NV+v2 does not have the ability to generate a certificate at all as far as I know, whereas the Duo/NV+ v1 does have this capability.
-- Tony
Message 12 of 19
StephenB
Guru

Re: Generate a certificate????!!!!?!?!?

If you can connect with https then the v2 is creating a self-signed certificate. It might not let you re-create it easily, but it is creating one. The v1 certificate is also self-signed of course. The implication of "self-signed" is that the certificate provides encryption, but it is not useful for authentication.

Did you try the two procedures?

If you access the NAS two ways (say by its IP address and over the internet using ddns) you will need to install the certificate twice.

Note if you use FireFox you can just store the security exception, which is easier.
Message 13 of 19
aks
Virtuoso
Virtuoso

Re: Generate a certificate????!!!!?!?!?

Yes I have the exception added to my Firefox, so that's good.

StephenB wrote:
If you can connect with https then the v2 is creating a self-signed certificate. It might not let you re-create it easily, but it is creating one.

The NV+ v2 is certainly presenting a certificate, but with the default IP address of 192.168.168.168, but this leads me to believe it is not creating a certificate for the NAS configuration.

The v1 certificate is also self-signed of course. The implication of "self-signed" is that the certificate provides encryption, but it is not useful for authentication.

Understood.

I'm not suggesting that a self-generated certificate with specific IP address is effectively any different to the generic one, merely that it appears to be static, whereas with the Duo v1 it could be created.
-- Tony
Message 14 of 19
xeltros
Apprentice

Re: Generate a certificate????!!!!?!?!?

Certificates are kinda tricky to get by.
If you want to avoid the warning you need :
- to have a certificate that fits the IP/hostname of the NAS.
- to make sure that certificate has been approved by a certification authority
- to add the certificate authority to your trusted list
- to check certificate authority with another one

To generate a self signed certificate you can do this via SSH via openssl, there are plenty of tutorial on internet to do so. If you want your certificate to be accepted without question, use a certificate from verysign or thawte but that's not cheap. If you want all your home certificate to be accepted you could set an certificate authority, but that's quite a hassle just to avoid checking "always accept" the certificate in safari or firefox...
Backup is crucial : Learn more here
Message 15 of 19
StephenB
Guru

Re: Generate a certificate????!!!!?!?!?

I think aks is just wanting a control which regenerates the self-signed cert to matches its current IP address.

It's not something I care about myself (I haven't bothered to regenerate the certs on any of my NAS, and they are all mismatched with their reserved IP addresses). Since I access the NAS both over the internet and locally, the IP mismatch warning in the browser is going to happen sometimes anyway.

As far as creating the exception - "always accept" is easy to do in FireFox, but it's not so simple with IE or Chrome. Marto73 posted the procedure for them a few couple of posts up, and is looking for feedback. Though the articles include a little OS6 stuff, most of the material is on the mechanics of getting IE/Chrome to trust the NAS self-signed cert. That applies to any ReadyNAS.
Message 16 of 19
xeltros
Apprentice

Re: Generate a certificate????!!!!?!?!?

You could setup two web servers with two certificates, but as said before that's an unnecessary hassle.
I personally use safari for mac which has the same option.
Backup is crucial : Learn more here
Message 17 of 19
aks
Virtuoso
Virtuoso

Re: Generate a certificate????!!!!?!?!?

Yes I just add permanent exception in Firefox, some folks use Chrome which is a bit more of a hassle to set up. I saw the instructions by Marto73 they look quite involved, and I appreciate that is down to the browser.

My real question is does it make a jot of difference have a self-signed certificate that matches the IP address of the NAS, rather than a random IP address? It seem not.
-- Tony
Message 18 of 19
xeltros
Apprentice

Re: Generate a certificate????!!!!?!?!?

A certificate is either valid or invalid. So no if it´s not perfect there is no difference.

As for the browser, that´s a shame chrome doesn´t have such a basic function but that´s up to google to implement that.
Backup is crucial : Learn more here
Message 19 of 19
Top Contributors
Discussion stats
  • 18 replies
  • 3831 views
  • 0 kudos
  • 6 in conversation
Announcements