I Love Thecus
Certificate Error - Printable Version

+- I Love Thecus (http://forum.thecus.com)
+-- Forum: Thecus Linux NAS (http://forum.thecus.com/forumdisplay.php?fid=6)
+--- Forum: NAS from 2 to 4 bays - Home (http://forum.thecus.com/forumdisplay.php?fid=53)
+---- Forum: N3200PRO (http://forum.thecus.com/forumdisplay.php?fid=16)
+---- Thread: Certificate Error (/showthread.php?tid=13897)

Certificate Error - dkc1959 - 12-13-2018


I have had a Thecus 3200PRO for years  and it's still running well … with 1 simple exception. The Digital Certificate has now expired, so I have to convince my browser to still go there when I want to access the admin console. The Certificate was valid from August 2008 to August 2018, and to date I've worked around the problem, but would really like to fix it. It seems that all that's required is a refresh of the Certificate from Thecus … or just tell me how to do it myself ?


RE: Certificate Error - Blackbear199 - 12-13-2018

there's a pdf here that explains how to do it...

this is a bit old though,do a google dearch on creating your own ssl certificate,example..


once u have the pc part done, all you do it import it to ur nas as the pdf says.

RE: Certificate Error - dkc1959 - 12-13-2018

Yep thanks ... I found that doc and followed it as much as possible, but the 3200PRO doesn't have the menu item described to upload the new cert I created into the NAS. I have tried just copying the new cert & key into /etc/ssl/certs and /etc/ssl/private, but that hasn't worked.


RE: Certificate Error - Blackbear199 - 12-13-2018

i dont use ssl as only access to my nas is via lan but i just check my filesystem and also have the /ect/ssl folder but i also see in /etc/httpd/conf there is a cert and key folder.
maybe this is for the gui?

RE: Certificate Error - Blackbear199 - 12-13-2018

was just doing some searching,there's also letencrypt app that will do this also for you,see here..


scroll down to the screenshots for web services(they are similar to ones in the pdf in above post).
so ur saying that you dont have the options to import them in your nas?

i use OS7 which has lets encrypt built in to automatically do this.

RE: Certificate Error - dkc1959 - 12-14-2018

Yep … older model NAS 3200PRO … doesn't have menu item to import certs

RE: Certificate Error - Blackbear199 - 12-14-2018

well other than making a donation to oskastam site to get lets encrypt the only other thing i can think of is that i noticed that all the certificates are in .pem format
are the ones you created in this?
in the link i first posted there are links to convert them from other formats to .pem

RE: Certificate Error - dkc1959 - 12-14-2018

It took a while, but I think I've found the original cert that is now expired … /etc/httpd/conf/ssl.crt/server.crt
Issued to N3200PRO.thecus.com
Issued by dummy_ca.thecus.com
… which matches the details showing when I show details of the Certificate Error from Microsoft Edge browser, and the location matches what you found also. 

Also, contents of /etc/httpd/conf/ssl.conf has great info that may yield the answer


RE: Certificate Error - Blackbear199 - 12-14-2018

interesting,i didnt look inside the conf file but now that i did..

i find it stupid that my nas is running 2 instances of apache,one for the gui,ect and one as a module.

RE: Certificate Error - dkc1959 - 12-18-2018

Yep agreed ... also, when you look at the timestamps on the various certificates in the /etc locations, they've obviously been loaded at boot time so even when I replace one, they get overwritten at boot by the original version. Stumped at the moment ... oh well holidays soon and maybe have more time

RE: Certificate Error - Blackbear199 - 12-18-2018

looking again..
in /opt/apache/conf folder
there is also ssl.crt and ssl.key folder
inside the ssl.conf

DocumentRoot "/opt/apache/htdocs"
ServerName N4810.thecus.com:443

and also..

SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/server.key
SSLCACertificateFile /opt/apache/conf/ssl.crt/ca-bundle.crt

this has to be for the gui.