I know the way to bypass the SSL security thing by importing the certificate manually, but I am wondering why we have to do this? My NETGEAR Router does not have this issue, just the ReadyNAS.
Is this something that NETGEAR plans on fixing, or maybe creating a web based login or something so we don't get bother by the error in every browser on every machine in my house?
I know the way to bypass the SSL security thing by importing the certificate manually, but I am wondering why we have to do this? My NETGEAR Router does not have this issue, just the ReadyNAS.
Is this something that NETGEAR plans on fixing, or maybe creating a web based login or something so we don't get bother by the error in every browser on every machine in my house?
You are not using https with your netgear router. If you were, it would have the same issue.
The issue here is fundamental to what certificates certify. A certificate signed by a certificate authority (like verisign) certifies that the web site is in fact owned by the company that it claims to be. That is, the certificate for http://www.microsoft.com certifies that website you see when you enter "www.microsoft.com" actually belongs to microsoft, and isn't some fake site.
The certificate installed by default on the NAS is called a "self-signed" certificate - it is not issued by a certificate authority, and in fact it cannot be. Netgear can't get a CA certificate for you, you need to get one yourself (proving that you own the domain name). Netgear doesn't even know what domain name you will use.
The certificate error in the browser is because the browser has no way to verify a self-signed certificate. By analogy: I can claim to be Bill Gates (or perhaps myself). That is like a self-signed certificate. Some people might believe me just because I say so - but they would be fools if they let me board a plane (or purchase the plane) without a proper ID. The CA certificate is that proper ID.
You have to manually install the self-signed cert into the root store to tell the browser (actually in most cases the computer operating system) that you want to trust the cert without proof. Or click-through the error (which is what I do). Either way, you still get an encrypted https connection.
If you do own a domain name with a CA certificate, you can of course install that certficate onto the NAS. But it needs to be a true domain name (not a DDNS name).
Hi Nhellie, you must have missed in my post that I said I am familiar with the steps on how to bypass it by adding in the certificate manually. I was looking for a way to disable HTTPS & SSL like on my NETGEAR Router so I don't have to deal with this issue.
I know the way to bypass the SSL security thing by importing the certificate manually, but I am wondering why we have to do this? My NETGEAR Router does not have this issue, just the ReadyNAS.
Is this something that NETGEAR plans on fixing, or maybe creating a web based login or something so we don't get bother by the error in every browser on every machine in my house?
You are not using https with your netgear router. If you were, it would have the same issue.
The issue here is fundamental to what certificates certify. A certificate signed by a certificate authority (like verisign) certifies that the web site is in fact owned by the company that it claims to be. That is, the certificate for http://www.microsoft.com certifies that website you see when you enter "www.microsoft.com" actually belongs to microsoft, and isn't some fake site.
The certificate installed by default on the NAS is called a "self-signed" certificate - it is not issued by a certificate authority, and in fact it cannot be. Netgear can't get a CA certificate for you, you need to get one yourself (proving that you own the domain name). Netgear doesn't even know what domain name you will use.
The certificate error in the browser is because the browser has no way to verify a self-signed certificate. By analogy: I can claim to be Bill Gates (or perhaps myself). That is like a self-signed certificate. Some people might believe me just because I say so - but they would be fools if they let me board a plane (or purchase the plane) without a proper ID. The CA certificate is that proper ID.
You have to manually install the self-signed cert into the root store to tell the browser (actually in most cases the computer operating system) that you want to trust the cert without proof. Or click-through the error (which is what I do). Either way, you still get an encrypted https connection.
If you do own a domain name with a CA certificate, you can of course install that certficate onto the NAS. But it needs to be a true domain name (not a DDNS name).
Hi StephenB, thank you for the explanation of SSL. Unfortunately, I am familiar with what it is and how it works, but that was not my question. I should have been more clear with my question - is there a way to disable HTTPS and SSL verification? My NAS is behind a NAT and is in no way accessible from the outside world. There are only two users on my network, and I believe that password protection is plenty sufficient.
My NETGEAR router on the other hand (by default at least) was accessible from the outside, and it does not even use HTTPS!
I would love to be able to just disable it and forget about it. Unfortunately it looks like the HTTPS box is always on, and not something I can toggle. Is there something I can do within the OS to disable SSL ?
Sorry for the confusion on this - we get a lot of questions about the cert warning, and most are from people who don't know how certs work.
As you say https can't be disabled. You can enable "http admin" in the http service, which might be enough to solve the problem (though chrome prefers https, and often tries it first).
Sorry for the confusion on this - we get a lot of questions about the cert warning, and most are from people who don't know how certs work.
As you say https can't be disabled. You can enable "http admin" in the http service, which might be enough to solve the problem (though chrome prefers https, and often tries it first).
No worries. Honestly, I forgot that I enabled HTTP admin a long time ago, and have just been going to the HTTPS page ever since. I am now going to the regular HTTP one, and all is well.
Add full ca-certificates bundle to fix apps that use HTTPS.
That fixes a different problem. Netgear cut back on the root certificates they installed a few releases ago, which resulted in breaking the cert trust chain for several apps and user-installed tools.
Add full ca-certificates bundle to fix apps that use HTTPS.
That fixes a different problem. Netgear cut back on the root certificates they installed a few releases ago, which resulted in breaking the cert trust chain for several apps and user-installed tools.
