DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

Pages: 1

 

#1 2012-12-06 06:16:47

Mordvinov
New member
Registered: 2012-12-06
Posts: 4

Web GUI certs require firefox exception when accessed by hostname

Hi all

I've just upgraded my 3x DNS-323s to firmware 1.0.8 - primarily for the SSL support provided for FTP and the web admin pages.  All went well.

All 3 use fun_plug 0.5 (thanks fonz!).

My question is, is it possible to change the web admin SSL certs to recognise hostnames? If I access by hostname, I have to add a Firefox exception, because the generated certs use IP address and not my hostname.


After some digging around, I found the following files in /mnt/HD_a2/.systemfile that I suspect are the SSL keys persisted to disk.

Code:

-rw-r--r--    1 root     root         3050 Dec  6 11:37 server.pem
-rw-r--r--    1 root     root         1675 Dec  6 11:37 server-key-nopassword.pem
-rw-r--r--    1 root     root         1743 Dec  6 11:37 cakey.pem
-rw-r--r--    1 root     root         1375 Dec  6 11:37 cacert.pem
-rwxr-xr-x    1 root     root           33 Dec  6 11:37 Certs.info

Would it be possible to regenerate these files somehow to include a hostname and replace these with the new keys?

Thanks,
Mike

Offline

 

#2 2012-12-09 12:29:27

Mordvinov
New member
Registered: 2012-12-06
Posts: 4

Re: Web GUI certs require firefox exception when accessed by hostname

Well, now I am rather confused. I have 3x DNS-323 (2 rev B1, 1 rev C1).

Following the upgrade to firmware 1.0.8, all three devices had the files identified above in /mnt/HD_a2/.systemfile
I have just removed FFP 0.5 from all 3, and replaced with 0.7.

After rebooting all 3 devices, only my 2nd NAS still has these files. The other two just have:

Code:

-rw------- 1 root root 6144 Apr 26  2008 .aquota.user
-rw------- 1 root root 6144 Apr 26  2008 .aquota.group

when I removed FFP 0.5, I only removed:
* /mnt/HD_a2/ffp,
* /mnt/HD_a2/fun_plug and
* /mnt/HD_a2/ffp.log

All 3 devices are configured identically through web admin pages (except, of course, IP and hostnames). All 3 are set to https only and TLS/SSL FTP only.

What is going on?!

Mike

Offline

 

#3 2012-12-09 12:45:46

Mordvinov
New member
Registered: 2012-12-06
Posts: 4

Re: Web GUI certs require firefox exception when accessed by hostname

Found the missing files... on NAS 1 and NAS 3, these files are under /mnt/HD_a4, but not HD_a2!

Should I be concerned about that? All 3 devices are supposed to be Raid 1 (mirrored), and I have never noticed HD_a4 before - always used HD_a2. I thought the drives were supposed to be identical in Raid 1?!

My NAS 1 is currently degraded (drive failed), so that might account for it, but 2 and 3 are OK, but the contents of .systemfile is different across disks in the same device.

Offline

 

 

Pages: 1

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB