Start SSL

Post your questions about myQNAPcloud service here.
Post Reply
Konrad.z
New here
Posts: 5
Joined: Sun Feb 14, 2016 6:14 am

Start SSL

Post by Konrad.z » Sun Feb 14, 2016 7:42 am

Welcome Everyone,
It's my first post on this forum.
I've never configured QNAP NAS before and I struggle a lot with the setup of myqnapcloud, actually it is more related to SSL certificate and secure connection to my NAS from remote location. I was hoping to use free class 1 SSL certificate from StartSSL.com. I've read few how-to's but I fall on the first hurdle.
StartSSl website ask me to use Validation Wizard to validate domain name before I can get a certificate.
download/file.php?mode=view&id=16872
There are few validation options as in the image below:
download/file.php?mode=view&id=16873
I understand I should input (myQNAPcloud device name).myqnapcloud.com as my domain name
download/file.php?mode=view&id=16874
download/file.php?mode=view&id=16875

Problem is - any of the email addresses listed is not mine. What am I doing wrong?
Has any of you used StartSSL and what is the correct way to obtain certificate?
Many thanks in advance
Konrad
You do not have the required permissions to view the files attached to this post.

User avatar
schumaku
Guru
Posts: 43673
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Start SSL

Post by schumaku » Mon Feb 15, 2016 12:00 am

Hello namesake,

StartSSL does correctly require the proof that you are the owner of a domain - not just the operator of a single host like yourname.myqnapcloud.com. Therefore, neither StartSSL nor any other serious certificate provider will issue certificates for a host in a domain not owned by you.

There is one provider baldy violating this global policy ... in my opinion, it's not acceptable.

Regards,
-Kurt.

Konrad.z
New here
Posts: 5
Joined: Sun Feb 14, 2016 6:14 am

Re: Start SSL

Post by Konrad.z » Mon Feb 15, 2016 1:18 am

Thank you for the answer. That is what I felt after reading some threads on this forum.
I try to understand importance of the SSL certificate in my circumstances. If I will only give access to my family should I be worried about SSL certificate? Do I understand correctly that connection is encrypted anyway? And only difference is the message about unknown certificate?
I'm totally new to NAS and can see this box is a bit of a overkill for my needs but you never know... Maybe one day I will be able to use more of its potential.
What would you recommended for me. I need to be able to back up my photos from remote location, and have access to files I store on the NAS. Access is for my wife and for my over 60 year old mother and mother in law to see pictures and videos of my family. We live far away and would like them to have access. Both are not great computer users barely know how to open browser and type in website address on their tablets.
Should I get myself a domain name and get certificate for it and then somehow link domain to my NAS? Is there a tutorial for totally new to Qnap NASes?
Many thanks again.
Konrad

User avatar
schumaku
Guru
Posts: 43673
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Start SSL

Post by schumaku » Mon Feb 15, 2016 2:23 am

To keep things easy ... QNAP has introduced the myQNAPcloud SSL certificate. FMI: How to purchase and use myQNAPcloud SSL certificates?

In general, you always can create your own self-singed certificate (look there -> viewtopic.php?f=32&t=63102#p521110) and install it. No SSL client is able to check them, so the browser will always show a red warning - but you have your own private key, your own certificate - not a shared one like the QNAP default certificates. This would be a no-cost approach.

Then, nicely marketed, but coming with a crappy certificate issue policy, not requiring an own domain: https://letsencrypt.org/ ... some NAS owners are working on an implementation/integration - I've not followed up the progess yet ... so please use search in the forum for now.

Hope this does give you a bigger picture and some alternate ideas.

Regards,
-Kurt.

Konrad.z
New here
Posts: 5
Joined: Sun Feb 14, 2016 6:14 am

Re: Start SSL

Post by Konrad.z » Mon Feb 15, 2016 3:31 am

Thank you,
I'm after a free solution. I'm going to go with OpenSSL for now as it seems I can manage installation of it. I will wait for an future development of letsencrypt.org for Qnap. App as mentioned in viewtopic.php?f=24&t=113676 would be ideal for a newbie like me.
Thanks

Edit:
I also foun this viewtopic.php?t=117668 which mentions QPython 2.7.11 problem is I can't find any info on how to use it.

Konrad.z
New here
Posts: 5
Joined: Sun Feb 14, 2016 6:14 am

Re: Start SSL

Post by Konrad.z » Mon Feb 15, 2016 5:10 am

I've just generated key and Certificate using Open SSL,
I think this is the way to go. Simple and fast.
Thank you

User avatar
GTunney
Been there, done that
Posts: 596
Joined: Tue Oct 14, 2014 4:16 pm

Re: Start SSL

Post by GTunney » Fri Feb 19, 2016 4:41 pm

The best and ideal option would be to have your own domain then register the cert for your domain.

I've just recently aquired a domain, pointed home.domain.co.uk with a DNS A record to my home IP then had a cert created for home.domain.co.uk

Added the certs to the QNAP and it's all working fine. Verified domain and only cost about £4 from go Daddy as they have a 99% off offer.
Model: TS-653B 8GB
FW: 4.4.1.1031 Build: 20190816
Disks: 3 x 4TB Western Digital WD40EFRX - RAID 5
Total Storage: 7.2TB
Applications: Plex MS | QCouchPotato | QSabnzbd+ | QSickrage | QHeadphones | HTPC Manager | Kodi v18.4 MySQL
Other Devices: Netgear D7000 AC1900 VDSL Router | FTTC - 80/20 | Netgear GS108 Gigabit Switch

Obscure
New here
Posts: 2
Joined: Wed Nov 06, 2019 2:20 am

Re: Start SSL

Post by Obscure » Wed Nov 06, 2019 2:46 am

GTunney wrote:
Fri Feb 19, 2016 4:41 pm
The best and ideal option would be to have your own domain then register the cert for your domain.

I've just recently aquired a domain, pointed home.domain.co.uk with a DNS A record to my home IP then had a cert created for home.domain.co.uk

Added the certs to the QNAP and it's all working fine. Verified domain and only cost about £4 from go Daddy as they have a 99% off offer.
Hi everyone;
I hope someone still responds to this thread, since it is a bit old.
I looking in the forum for a solution to access my nas via my own domain...
for this I ask you for help: I ​​already have a domain and obviously dns to point to...
could you tell me in a more detailed way how to do? thanks a lot!

dolbyman
Guru
Posts: 15245
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Start SSL

Post by dolbyman » Wed Nov 06, 2019 2:50 am

1) see current warnings about malware, if you can access your NAS from the web others might want to a can as well
2) read a couple of these
https://support.myqnapcloud.com/faq/all ... te&lang=en

Obscure
New here
Posts: 2
Joined: Wed Nov 06, 2019 2:20 am

Re: Start SSL

Post by Obscure » Wed Nov 06, 2019 1:58 pm

dolbyman wrote:
Wed Nov 06, 2019 2:50 am
1) see current warnings about malware, if you can access your NAS from the web others might want to a can as well
2) read a couple of these
https://support.myqnapcloud.com/faq/all ... te&lang=en
thanks for your quick response dolbyman.
I am aware of the risks involved when connecting the nas to the internet.
but I wanted to ask you would you know how to drive me in the configuration of the nas to be able to access through my domain "nas.mydomain.com"
I am not very practical in this and I would not make any mistakes by compromising security.
Thanks a lot.

dolbyman
Guru
Posts: 15245
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Start SSL

Post by dolbyman » Wed Nov 06, 2019 10:03 pm

use a vpn .. you can still use the ddns name to resolve the ip
(better on router or firewall..optional on nas)
everything else is too risky

Post Reply

Return to “myQNAPcloud service”