We use cookies to help us improve our webpage. Please read our Cookie Policy .

NAS 324

Using HTTPS to Secure NAS Communication(English Only)

Learn how to install a certificate to your ASUSTOR NAS and enable HTTPS

2016-12-23

COURSE OBJECTIVES

Upon completion of this course you should be able to:

1. Install a certificate to your ASUSTOR NAS

2. Use HTTPS to ensure communication security between your NAS and client devices

PREREQUISITES

Course Prerequisites:

None

Students are expected to have a working knowledge of:

N/A




1. Introduction

HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.

In its popular deployment on the internet, HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks.

2. Enabling HTTPS

2.1 Enabling HTTPS for the ADM management interface

Log in to ADM using an administrator account. Select [Settings] > [General] > [Management]. Select the [Enable HTTP Secure (HTTPS)] checkbox. The default HTTPS port for ADM is 8001. You may configure another port if you wish. Select the [Automatically change HTTP connections to HTTPS connections.] checkbox.

Click on [Apply] to make the configurations effective.

2.2 Enabling HTTPS for the Web server

Log in to ADM using an administrator account. Select [Services] > [Web Server]. Select the [Enable secured Web server (SSL)] checkbox. The default port for Web Server HTTPS is 443. You may configure another port if you wish.

Click on [Apply] to make the configurations effective.

3. Adding a Signed Certificate

There is a default ASUSTOR signed certificate built into ADM, but browsers will not trust this certificate because it is not signed by a third party. Therefore, when you connect to your ASUSTOR NAS using HTTPS, you will see a privacy error message. (Shown in the graphic below using Google Chrome as an example)

You can click on the "Proceed to…website (unsafe)" link to skip past page and log in to ADM. However, in order to correctly verify the identity of your ASUSTOR NAS and ensure secure communication, you must get a signed certificate from a trusted certificate authority and import it into ADM.

3.1 Manually importing a certificate

If you already have a registered domain name, and have a signed certificate from a certificate authority, you can use the following steps to import the certificate into ADM.

STEP 1

Log in to ADM, select [Settings] > [Certificate Manager] and then click on [Add].

STEP 2

Enter a name for the certificate and then click on [Next].

STEP 3

Select [Import your SSL private key and certificate] and then click on [Next].

STEP 4

Use the [Browse] buttons to select the [Private Key], [Certificate] and [Intermediate Certificate] (optional) from your local machine and then click [Finish].

3.2 Getting a certificate from Let's Encrypt

Let's Encrypt (https://letsencrypt.org/) is a free, automated, and open certificate authority (CA), that provides a trusted certificate for free to anyone who owns a domain name. Let's Encrypt issued certificates are recognizable by all Web browsers. The Certificate Manager in ASUSTOR NAS can directly connect to Let's Encrypt to generate a valid certificate and install it automatically. This helps you to enhance NAS security with an SSL connection in a fast and easy way at zero cost.

STEP 1

Log in to ADM, select [Services] > [Web Server] and select the [Enable Web server] checkbox. Make sure to use the default port 80.

Do not check the [Enable secured Web server (SSL)] checkbox.

STEP 2

Select [Settings] > [Ease of Access] > [EZ-Router] and add Web service to the [Port Forwarding] list.

STEP 3

If your router does not support EZ-Router, please manually go to the router management interface to configure port forwarding.

Note: Before Let's Encrypt assigns certificates, it will use port 80 to execute domain verification. Therefore, please ensure that your NAS and router have port 80 open in order to allow connections from the Internet.

STEP 4

Log into ADM, select [Settings] > [Certificate Manager] and then click on [Add].

STEP 5

Enter a name for your certificate and then click on [Next].

STEP 6

Select [Create certificate from Let's Encrypt] and then click on [Next].

STEP 7

Enter the following information:

[Doman name]: Enter the domain name registered with the domain provider.

[E-mail]: Enter the e-mail address used to register for the certificate.

[Subject Alterative Name]: If this certificate needs to be used on multiple domains, please enter the names of the other domains.

[Update automatically when certificates expire.]: Let's Encrypt issued certificates will expire after 90 days. By selecting this option, ADM will automatically renew the certificate before the expiration date, if domain verification is successful. Please ensure that your NAS and router have port 80 opened in order to allow for certificate updates.

Click on [Finish]. The Let's Encrypt certificate will be imported to ADM.

Was this article helpful? Yes / No