LE certificate chaos

NAS
DS418play, DS213j, DSM 7.0.1-14401
I've been troubleshooting recent CalDAV sync issues between the NAS and Thunderbird and my "smarts" landed me in a mess.

I happened to notice that on my Win10 laptop, there was no apparent cert for the NAS. First, I attempted to download the LE cert from the NAS, thinking I could import it into Windows. However, the download is apparently only for the Synology NAS as the cert file extensions weren't recognized by Windows cert import.

So I tried another approach... I logged onto the NAS via my Synology DDNS using a browser. From the browser "view site information" padlock, I opened and downloaded the cert and it came in a format that Windows cert import could use.

I imported the downloaded cert into Windows using all the basic defaults and it located itself in an "Other" tab. So I figured how smart I am.

I rebooted the PC, opened the browser and attempted to log in, BUT... the browser informed me that my cert was odd and there was a 3rd party compromise suspected, and the browser would not give me the login screen (using the DDNS). I tried an alternate DDNS with the same result.

Next, I removed the cert I imported, rebooted... and the same issue. No access.

I just now reimaged my machine back 24 hours, and all is well. When I enter the DDNS I'm taken immediately to the DSM log in.

What did I do wrong? I'm flummoxed.
 

Rusty

Moderator
Just so I'm not offering a wrong solution, wanna be sure. What are you traying to do here exactly?
 

fredbert

Moderator
Is that a tea tray or a tray bake? ;)

@Telos If you have a LE certificate then you shouldn't need to install any certificate on the PC. If the LE certificate doesn't list the domain or subject alternate name of the URL that you used to connect then you can add an exception for that specific connection on that browser ... it's the same that happens when an unsigned cert is used for a URL by all browsers.

If you have an unsigned certificate then you could install the server certificate and say it's trusted, but this is something I haven't done for 19 years so memory is hazy.
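
Whether the certificate lists the name used to connect can be checked separately from whether its chain is trusted. The Python below is an added example, not part of any post in this thread: the host names and `SAMPLE_CERT` are constructed, and `diagnose()` assumes the NAS is reachable on the port you pass.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subjectAltName": (("DNS", "mynas.example-ddns.test"),
                                  ("DNS", "*.mynas.example-ddns.test"))}

def san_dns_names(cert):
    """DNS entries of the subjectAltName extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """Conservative RFC 6125-style match: '*' only as the whole left-most
    label, covering exactly one label, never directly under a TLD."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def covered(hostname, cert):
    """True if any SAN DNS entry covers the name the client connects with."""
    return any(name_matches(hostname, p) for p in san_dns_names(cert))

def diagnose(hostname, port=443, timeout=5):
    """Live check: verify the chain against the system trust store,
    then test the host name ourselves so the two failures are told apart."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain verification stays on (CERT_REQUIRED)
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return f"chain not trusted: {exc.verify_message}"
    if not covered(hostname, cert):
        return f"name mismatch: certificate lists {san_dns_names(cert)}"
    return "ok"

if __name__ == "__main__":
    for name in ("mynas.example-ddns.test", "other.example-ddns.test"):
        print(name, "covered" if covered(name, SAMPLE_CERT) else "NOT covered")
```

A "name mismatch" result means the certificate has to be reissued to include that DDNS name, while "chain not trusted" points at the client's trust store or an incomplete chain sent by the server.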
 
Just so I'm not offering a wrong solution, wanna be sure. What are you traying to do here exactly?
@Telos If you have a LE certificate then you shouldn't need to install any certificate on the PC. If the LE certificate doesn't list the domain or subject alternate name of the URL that you used to connect then you can add an exception for that specific connection on that browser ... it's the same that happens when an unsigned cert is used for a URL by all browsers.

When I sync Thunderbird CalDAV calendars (with my DDNS links) I occasionally get a popup about a certificate issue. The "View" certificate button doesn't open anything, and the "Allow" button is grayed out.

So I figured I would manually load the LE cert into Thunderbird to keep this from happening. As I wrote... this backfired and only made everything worse.

FWIW I also get a message to the effect that 'calendar "name here" is not presently available' when opening Thunderbird. Last night I rolled back the default calendar addon "Lightning" and these messages have stopped (temporarily?). I couldn't find any discussion of this on the Mozilla forums, so I started tweaking my Windows cert repository.
 
