Generating a self-signed SSL certificate for my QNAP NAS

I recently bought a new NAS (Network Attached Storage) to deal with some of my remote work requirements. Initially I was going to build a server to do the job from spare parts, but I was concerned about power consumption and of course the amount of time it would take to build, configure and administrate.

In the end, I had a little look at a few reviews and I decided on the QNAP 219P+. I can honestly say without a doubt that it's one of the best pieces of kit I've bought for a while. It's very feature rich, (almost) everything seems to work perfectly, the interface is well organised and easy to use, and maybe the most important part - it's fast. I'm having a few issues getting the WebDAV service accepting connections, though I think it's Windows' fault, not the QNAP. It's a little on the pricey side for home users, but I didn't mind paying what I did considering how good it is.

One of the things I wanted to do was secure my remote communication with the NAS. Exposing ports on your router is obviously a security risk, but necessary in order to use services remotely. The QNAP has SSL capability built in to most of the services, and installing a certificate is a cinch, though generating a free certificate proved a little fiddly.

Having always used paid-for SSL certificates in the past (Verisign, GoDaddy etc), I've never needed to really understand SSL/TLS. I still don't really understand it to be honest... security and encryption is an area I've little interest in - as long as .Net's cryptographic classes make my data unreadable, I'm happy :)

Anyway - I used OpenSSL to generate a certificate for my QNAP. However, when I installed the certificate (on the NAS and in my trusted root certificates on the Windows machine I was using to access it), I received a "Mismatched Address Certificate Error" during the handshake.

One thing the above article failed to mention was that I needed to specify my "Common Name" as the EXTERNAL web address of my NAS, without prefixing the protocol. So if the BBC wanted to secure their website, their "Common Name" would be "www.bbc.co.uk", for example. I found the solution here, after a bit of reading.

Popular posts from this blog

How I Learned to Lose Weight and Love Exercise (again)

AutoMapper: UseValue vs ResolveUsing vs MapFrom

GDPR: Application Password Security in 2018