Update Https Certificate on TOS 5

Topics related to system security only
User avatar
redmagusclawmus
Posts: 2
Joined: 02 Aug 2022, 08:39

Update Https Certificate on TOS 5

Post by redmagusclawmus »

Good evening,

I recently uploaded my new certificate from no-ip ddns and I was able to update the FTP and WebDAV only. My goal is to update the Https settings as well to use the new certificate. Please see below:
tos_error.png
Thank you for your assistance,

Adam Brousseau
F5-221
User avatar
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: Update Https Certificate on TOS 5

Post by TMSupport »

The HTTPS certificate does not currently support modification, which will affect the use of functions such as remote access.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
redmagusclawmus
Posts: 2
Joined: 02 Aug 2022, 08:39

Re: Update Https Certificate on TOS 5

Post by redmagusclawmus »

Understood. Thank you for your reply

Adam Brousseau
User avatar
antislow
Posts: 22
Joined: 20 Jun 2022, 22:22

Re: Update Https Certificate on TOS 5

Post by antislow »

Will we ever be able to use our own certificates for the web interface?

1. So that we do not have to have a cert warning each time we access the interface, I can have the cert match the domain

2. This seems like a shared cert that is installed on every TNAS device. It kind of defeats the purpose of having a cert to encrypt the traffic if anyone w/ a TNAS device has a copy of the private ke and can decrypt traffic from anyone's TNAS device.

Please let us update the cert with our own, thank you.
User avatar
ByteJunk
Posts: 3
Joined: 11 Mar 2023, 07:12

Re: Update Https Certificate on TOS 5

Post by ByteJunk »

Hey everyone!

Same here, I generated a let's encrypt cert and uploaded it and was really surprised I couldn't use it.

I understand that this is a feature that can cause users to shoot themselves in the foot pretty badly, but perhaps hide it behind a big red warning?
Or allow the creation of alias that would use the cert?

Thanks!
User avatar
ByteJunk
Posts: 3
Joined: 11 Mar 2023, 07:12

Re: Update Https Certificate on TOS 5

Post by ByteJunk »

Oh, I just thought of a workaround.

I have a docker container running apache2 in my F2-223, so I figured I could configure a subdomain, get a let's encrypt cert, and reverse proxy to the NAS port.

Lo and behold, it works perfectly. I can now access https://nas.mydomain.com, and I get TOS with a valid cert.

I'm using something like this:

Code: Select all

<VirtualHost *:443>
        ServerName nas.mydomain.com

        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerExpire off

        ProxyPass               /       https://yourcurrentNASurl:5443/
        ProxyPassReverse        /       https://yourcurrentNASurl:5443/

        SSLCertificateFile /etc/whereverYouStoreYourCert/fullchain.pem
        SSLCertificateKeyFile /etc/whereverYouStoreYourCert/privkey.pem
</VirtualHost>
I'm disabling checks in the proxy because "https://yourcurrentNASurl:5443/" in my case isn't properly signed, since it's signed with the default *.tnas.link cert

Hope it helps someone.

Warm regards,
ByteJ
User avatar
rfc1920
Posts: 13
Joined: 16 Mar 2023, 02:31

Re: Update Https Certificate on TOS 5

Post by rfc1920 »

It is possible to do it manually, at least for the nginx component listening on :5443.

I had uploaded my locally-generated cert from my local CA and found that the GUI then showed NO certs, so I manually edited nginx.conf and added my certs locally. It works like any other nginx and so far I am happy.
User avatar
Theo
Posts: 4
Joined: 07 Oct 2023, 04:00

Re: Update Https Certificate on TOS 5

Post by Theo »

Would it be possible for either of you to give a bit of a step-by-step walkthru of the process you used? I'd like to get past the 'insecure site' warning every time I connect, but I don't know my way around the innards of this platform yet.

rfc1920 wrote: 16 Mar 2023, 02:34 It is possible to do it manually, at least for the nginx component listening on :5443.

I had uploaded my locally-generated cert from my local CA and found that the GUI then showed NO certs, so I manually edited nginx.conf and added my certs locally. It works like any other nginx and so far I am happy.
ByteJunk wrote: 11 Mar 2023, 08:29 Oh, I just thought of a workaround.

I have a docker container running apache2 in my F2-223, so I figured I could configure a subdomain, get a let's encrypt cert, and reverse proxy to the NAS port.

Lo and behold, it works perfectly. I can now access https://nas.mydomain.com, and I get TOS with a valid cert.

I'm using something like this:

Code: Select all

<VirtualHost *:443>
        ServerName nas.mydomain.com

        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerExpire off

        ProxyPass               /       https://yourcurrentNASurl:5443/
        ProxyPassReverse        /       https://yourcurrentNASurl:5443/

        SSLCertificateFile /etc/whereverYouStoreYourCert/fullchain.pem
        SSLCertificateKeyFile /etc/whereverYouStoreYourCert/privkey.pem
</VirtualHost>
I'm disabling checks in the proxy because "https://yourcurrentNASurl:5443/" in my case isn't properly signed, since it's signed with the default *.tnas.link cert

Hope it helps someone.

Warm regards,
ByteJ
User avatar
dianzisongyang
Posts: 10
Joined: 15 Jan 2024, 20:38

Re: Update Https Certificate on TOS 5

Post by dianzisongyang »

Chiming in from 2024; still looking for help with how to just enable HTTPS and get past the insecure site warning. I uploaded the default TNAS cert to my web browsers but still no dice. It says upload successful, yet personal or other cert libraries don't get the cert installed... You'd think TerraMaster would have their own guide, but sadly: nothing.
User avatar
TMzethar
TerraMaster Team
Posts: 1127
Joined: 27 Oct 2020, 16:43

Re: Update Https Certificate on TOS 5

Post by TMzethar »

{L_BUTTON_AT}dianzisongyang
If you are referring to TOS's HTTPS SSL certificate, please refer to this to update them: viewtopic.php?f=78&t=4243 If you want to customize the certificate, this feature is currently not supported.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Post Reply