Start SSL

[Konrad.z]

Welcome Everyone,
It's my first post on this forum.
I've never configured QNAP NAS before and I struggle a lot with the setup of myqnapcloud, actually it is more related to SSL certificate and secure connection to my NAS from remote location. I was hoping to use free class 1 SSL certificate from StartSSL.com. I've read few how-to's but I fall on the first hurdle.
StartSSl website ask me to use Validation Wizard to validate domain name before I can get a certificate.
http://forum.qnap.com/download/file.php ... w&id=16872
There are few validation options as in the image below:
http://forum.qnap.com/download/file.php ... w&id=16873
I understand I should input (myQNAPcloud device name).myqnapcloud.com as my domain name
http://forum.qnap.com/download/file.php ... w&id=16874
http://forum.qnap.com/download/file.php ... w&id=16875

Problem is - any of the email addresses listed is not mine. What am I doing wrong?
Has any of you used StartSSL and what is the correct way to obtain certificate?
Many thanks in advance
Konrad

[schumaku]

Hello namesake,

StartSSL does correctly require the proof that you are the owner of a domain - not just the operator of a single host like yourname.myqnapcloud.com. Therefore, neither StartSSL nor any other serious certificate provider will issue certificates for a host in a domain not owned by you.

There is one provider baldy violating this global policy ... in my opinion, it's not acceptable.

Regards,
-Kurt.

[Konrad.z]

Thank you for the answer. That is what I felt after reading some threads on this forum.
I try to understand importance of the SSL certificate in my circumstances. If I will only give access to my family should I be worried about SSL certificate? Do I understand correctly that connection is encrypted anyway? And only difference is the message about unknown certificate?
I'm totally new to NAS and can see this box is a bit of a overkill for my needs but you never know... Maybe one day I will be able to use more of its potential.
What would you recommended for me. I need to be able to back up my photos from remote location, and have access to files I store on the NAS. Access is for my wife and for my over 60 year old mother and mother in law to see pictures and videos of my family. We live far away and would like them to have access. Both are not great computer users barely know how to open browser and type in website address on their tablets.
Should I get myself a domain name and get certificate for it and then somehow link domain to my NAS? Is there a tutorial for totally new to Qnap NASes?
Many thanks again.
Konrad

[schumaku]

To keep things easy ... QNAP has introduced the myQNAPcloud SSL certificate. FMI: How to purchase and use myQNAPcloud SSL certificates?

In general, you always can create your own self-singed certificate (look there -> http://forum.qnap.com/viewtopic.php?f=3 ... 02#p521110) and install it. No SSL client is able to check them, so the browser will always show a red warning - but you have your own private key, your own certificate - not a shared one like the QNAP default certificates. This would be a no-cost approach.

Then, nicely marketed, but coming with a crappy certificate issue policy, not requiring an own domain: https://letsencrypt.org/ ... some NAS owners are working on an implementation/integration - I've not followed up the progess yet ... so please use search in the forum for now.

Hope this does give you a bigger picture and some alternate ideas.

Regards,
-Kurt.

[Konrad.z]

Thank you,
I'm after a free solution. I'm going to go with OpenSSL for now as it seems I can manage installation of it. I will wait for an future development of letsencrypt.org for Qnap. App as mentioned in http://forum.qnap.com/viewtopic.php?f=24&t=113676 would be ideal for a newbie like me.
Thanks

Edit:
I also foun this http://forum.qnap.com/viewtopic.php?t=117668 which mentions QPython 2.7.11 problem is I can't find any info on how to use it.

[Konrad.z]

I've just generated key and Certificate using Open SSL,
I think this is the way to go. Simple and fast.
Thank you

[GTunney]

The best and ideal option would be to have your own domain then register the cert for your domain.

I've just recently aquired a domain, pointed home.domain.co.uk with a DNS A record to my home IP then had a cert created for home.domain.co.uk

Added the certs to the QNAP and it's all working fine. Verified domain and only cost about £4 from go Daddy as they have a 99% off offer.

[Obscure]

The best and ideal option would be to have your own domain then register the cert for your domain.

I've just recently aquired a domain, pointed home.domain.co.uk with a DNS A record to my home IP then had a cert created for home.domain.co.uk

Added the certs to the QNAP and it's all working fine. Verified domain and only cost about £4 from go Daddy as they have a 99% off offer.

Hi everyone;
I hope someone still responds to this thread, since it is a bit old.
I looking in the forum for a solution to access my nas via my own domain...
for this I ask you for help: I ​​already have a domain and obviously dns to point to...
could you tell me in a more detailed way how to do? thanks a lot!

[dolbyman]

1) see current warnings about malware, if you can access your NAS from the web others might want to a can as well
2) read a couple of these
https://support.myqnapcloud.com/faq/all ... te&lang=en

[Obscure]

1) see current warnings about malware, if you can access your NAS from the web others might want to a can as well
2) read a couple of these
https://support.myqnapcloud.com/faq/all ... te&lang=en

thanks for your quick response dolbyman.
I am aware of the risks involved when connecting the nas to the internet.
but I wanted to ask you would you know how to drive me in the configuration of the nas to be able to access through my domain "nas.mydomain.com"
I am not very practical in this and I would not make any mistakes by compromising security.
Thanks a lot.

[dolbyman]

use a vpn .. you can still use the ddns name to resolve the ip
(better on router or firewall..optional on nas)
everything else is too risky