× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Invalid Certificate.

cwiebe
Aspirant

Invalid Certificate.

I have a ReadyNas Duo V2 accessed with FF v23 on Win7 x64.
When the nas was first installed, it was given an ip address of 192.168.0.157. Standards are devices get addresses below 120 so it was static dhcp'd to 192.168.0.7. Now, every single time FF and chrome both complain the security certificate is invalid. I have tried a variety of things offered from other threads, but none seem to work.

My question is:
1. Is there any way to permanently store the certificate for FF and/or chrome so the certificate is accepted?
2. Is there a way to get the Readynas to recreate the certificate for the current ip address?

Thanks (and I can't believe this is still and issue with Netgear).
Cliff.
Message 1 of 12
vandermerwe
Master

Re: Invalid Certificate.

Well, you can regenerate the certificate by going to the https service in the GUI. Enter the current IP address of the NAS.
Then in chrome you should be able to add the certificate in advance security settings.
Firefox - should have similar security settings are where you can add certificates.
Message 2 of 12
StephenB
Guru

Re: Invalid Certificate.

You can certainly tell FF to create a permanent security exception - I have done that. It doesn't actually store the certificate in that case, instead it just remembers that there is an exception. IT will then take you directly to the web page with no fuss.

With Chrome, I believe all certificates need to be installed by the native browser (IE in the case of Windows).

This is not a Netgear issue btw - it is inherent to all self-signed certificates The only thing Netgear to do to prevent this is to not allow https at all.

BTW - I deleted the duplicate thread...
Message 3 of 12
cwiebe
Aspirant

Re: Invalid Certificate.

Vandermere, is there some reference I could use to recreate the certificate? If you could point me in the right direction I'd appreciate it.
Message 4 of 12
cwiebe
Aspirant

Re: Invalid Certificate.

StephenB, I have tried to coax FF to save the certificate, but it doesn't stick. Same with chrome. The certificate is still signed from the original .157 address, not the current .7 address. Not allowing a change in the ip address is definitely a defect with the Netgear software.
1 We should use https for increased security.
2 We'll create a certificate that becomes useless minutes after installation and not have a simple method to update the certificate.
3 We'll just tell folks to not worry about the invalid certificate, just click through it. (see step 1)
Message 5 of 12
StephenB
Guru

Re: Invalid Certificate.

FireFox first gives you
"This Connection is Untrusted"

Technical Details are
x.x.x.x uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for y.y.y.y

(Error code: sec_error_untrusted_issuer)


Then you click on "I understand the risks", and "add exception".

That brings up a pop-up
"You are about to override how FireFox identifies this site"

Then check "permanently store this exception" at the bottom, and click the "Confirm Security Exception"

As I mentioned, this is not storing the certificate, it is creating a permanent exception specific to that site. If you access the NAS multiiple ways (IP address and various names) you need to do this process for each name/ip.
Message 6 of 12
vandermerwe
Master

Re: Invalid Certificate.

Have you regenerated the certificate with the correct IP address. You need to enter the IP address in a field within the window that opens when you click on https settings
Message 7 of 12
vandermerwe
Master

Re: Invalid Certificate.

I think you find the https settings in Configure, System, Services, https.
Once you've done this make sure you clear your browser cache.
You may need an OS reinstall as well if the above doesn't work.
If you access the unit in different ways, what exactly do you mean - even an IP address and a name are only 2 exceptions to add. You should only have to do this all once.
Message 8 of 12
StephenB
Guru

Re: Invalid Certificate.

vandermerwe wrote:
If you access the unit in different ways, what exactly do you mean - even an IP address and a name are only 2 exceptions to add. You should only have to do this all once.

Local name, local IP, ddns name... At least 3, and if you have a static external ip address, possibly 4. I agree you only need to do this once on each machine.
Message 9 of 12
cwiebe
Aspirant

Re: Invalid Certificate.

vandermerwe wrote:
Have you regenerated the certificate with the correct IP address. You need to enter the IP address in a field within the window that opens when you click on https settings


I'm an idiot. I have no idea how to regenerate the certificate. Do I generate this from FF or from Readynas?
Message 10 of 12
vandermerwe
Master

Re: Invalid Certificate.

vandermerwe wrote:
I think you find the https settings in Configure, System, Services, https.
Once you've done this make sure you clear your browser cache.
You may need an OS reinstall as well if the above doesn't work.
...



You do it from readynas:
Go to Configure, System, Services. Then I think right click on https (it should already be activated). You should then see something that allows you to verify/change the ip address of the nas for the certificate, and something to regenerate it. This is the way it works in all of the other readynas operating systems so i assume it will be the same for 5.3.8
Message 11 of 12
cwiebe
Aspirant

Re: Invalid Certificate.

Thanks Vandemere, that worked perfectly! I now have a certificate that matches the IP address.

In other, mildly humorous news, I was playing around with certificate stuff so much in FF I finally got to the point where FF wouldn't even let me access the site. I uninstalled FF an reinstalled it, and then it let me store the certificate permanently!

Thanks again to all for your help! A minor annoyance is now resolved.
Message 12 of 12
Top Contributors
Discussion stats
  • 11 replies
  • 3783 views
  • 0 kudos
  • 3 in conversation
Announcements