Buffalo NAS SSL Certificate Needed (Completely new to me!)


#1

Hi Everyone!

Firstly, please see the info below and then I’ll explain afterwards:

  • My domain is: [buffalonas.com/KaoSM] (Yes, I know I don’t own the URL, but the last part is unique to my NAS)

EDIT! Note: The link now works properly (I had forgotten to complete the port forward following a router change!) It is now possible to reach the web interface, whether I have SSL mode enabled or not. If it is enabled, it simply throws up a trust warning.

  • My web server is: Buffalo NAS WebAccess Ver 3.4 (r1652+)

  • The operating system my web interface runs on is: Apache HTTP Server 2.2.14

  • I can login to a root shell on my machine: I don’t think so (pretty certain it’s no), but the URL of the control panel UI is: (http://192.168.0.4/root.html)

  • I’m using a control panel to manage my site: LS220D Version 1.67-0.01

OK, so this is my first post and the first time I have needed / wanted to delve into gaining a SSL cert (so please be gentle!).

I recently bought the above NAS for my home setup and I have successfully set up the WebAccess feature. Before I start to use it properly and indeed put anything on it, I want to properly enable its ‘SSL’ feature. This means I need both a SSL cert and a key (see image below):

So my question to you all is: how do I best go about getting these two items with the least amount of fuss, please?

I look forward to your help,

Thanks all.


#2

I do not believe that Let’s Encrypt can help you here. You do not own the domain name buffalonas.com.

If accessing the NAS from outside the network, personally I would use sFTP rather than a web interface. You may want to refer to their documentation concerning what they recommend to use as a SSL certificate on their device.

Out of curiosity, which of their products did you purchase?


#3

@alento Thanks for replying so quickly. :slight_smile:

I had a good look at their documentation before I posted here to be fair (and I thought it wasn’t very good in the SSL cert info department!)

You are right, I don’t own the domain name… so I think maybe I should persevere a little more!

Regards


#4

You referenced the LS220D which I am going to interpret as being LinkStation 220 D – while that model is not listed in the support documentation I am looking at on the Buffalo Technology website, I am going to assume that it also supports acting as a web server.

If that is indeed the case … which from your OP you believe it to be so …

It is very doable to get a SSL cert in this case, but you will need to register a domain first. And that SSL cert will secure the domain that is being hosted, but I do not believe that it will secure the file transfers being handled between your device and their web interface – I would think that they would use encryption built into the hardware for that!


#5

Alento, thank you. That’s correct, it is the 220D (sorry). This is all quite new to me, so I will have to take your word for it that it will run as a web server, I didn’t see anywhere in the control panel for that though… I think it just secures the ‘link’ when accessing from the web. I figured that adding security couldn’t be a bad thing!

I think having to get a domain seems possibly unnecessary then if all it is going to do is verify identity and not encrypt traffic…

:thinking:


#6

It appears that my comment in the previous reply was for a different model as the 220D does not seem to support that function. So, I will stick with what I said in the first reply. :slight_smile:


#7

It seems the buffalonas.com/aBcDeFg type of URL is some kind of relocator:

osiris@desktop ~ $ telnet buffalonas.com 80
Trying 175.41.248.225...
Connected to buffalonas.com.
Escape character is '^]'.
GET /KaoSM HTTP/1.1
Host: buffalonas.com

HTTP/1.1 302 Found
Date: Sat, 03 Mar 2018 13:31:53 GMT
Server: Apache
Content-Location: index.php.en
Vary: negotiate,accept-language
TCN: choice
Location: https://92.233.16.249:46223/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en

Connection closed by foreign host.
osiris@desktop ~ $ 

Let’s Encrypt doesn’t offer certificates for IP addresses (it seems to redirect to your home IP address, correct?), but there are free options for (sub)domain names. If you get one, you can get a certificate for that host name.

There are a lot of clients for Let’s Encrypt (see https://letsencrypt.org/docs/client-options/) including a few web-based clients. You can use one of those to get the certificate (and the corresponding private key) and upload those two (including the intermediate certificate, also called a “full chain”) to your NAS.
Unfortunately, because those steps are manual, you’ll have to repeat both steps again within 90 days, as Let’s Encrypt certificates are only valid for 90 days.
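
Added example, not part of the original post: Python that parses a redirect like the one captured above and checks whether the host the browser ends up on could match a certificate's DNS names. The sample response, the 203.0.113.10 documentation address and the example.net names are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample modelled on the 302 response in the post above;
# 203.0.113.10 is a documentation address, not a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://203.0.113.10:46223/\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

def redirect_target(raw):
    """Return (status, scheme, host, port) for a raw HTTP redirect response."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        raise ValueError("not a redirect with a Location header")
    url = urlsplit(headers["location"])
    port = url.port or (443 if url.scheme == "https" else 80)
    return status, url.scheme, url.hostname, port

def is_ip_literal(host):
    """True if host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(host, san_dns_names):
    """True if host matches a DNS SAN entry (exact or left-most-label wildcard)."""
    if is_ip_literal(host):
        return False  # an IP address is never matched against DNS names
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in san_dns_names):
        wildcard = name.startswith("*.") and host.partition(".")[2] == name[2:]
        if name == host or wildcard:
            return True
    return False

if __name__ == "__main__":
    status, scheme, host, port = redirect_target(SAMPLE_RESPONSE)
    print(status, scheme, host, port, dns_name_matches(host, ["mynas.example.net"]))
```

A certificate issued for a host name only validates when the browser connects using that name; a redirect that lands on a bare IP address will still produce a name-mismatch warning.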


#8

Osiris, thank you… Your initial investigation is correct… I am currently discussing it in messages with @alento… It is a relocator portal to my home IP.

I think, if I can get it working, I could deal with every 90 days… :+1:


#9

Interestingly, if I use my phone browser (no wifi, so not on my internal LAN), I cannot access WebAccess, regardless of whether I have SSL on or not…


#10

But I can if I use the special App…


#11

@alento @Osiris

So ermmm yeahhhh. I changed my router the other day and set up all of my port forwards except for one… can you guess which?

So, the web interface should be reachable now…

Let us move forwards with the investigation, perhaps? (The shame!)

