
NAS 324

Using HTTPS to Secure NAS Communication

Learn how to install a certificate to your ASUSTOR NAS and enable HTTPS

2024-07-15

COURSE OBJECTIVES

Upon completion of this course you should be able to:

  1. Install a certificate to your ASUSTOR NAS.
  2. Use HTTPS to ensure communication security between your NAS and client devices.

PREREQUISITES

Course Prerequisites:

NAS 224: Remote Access - Manual Connect

Students are expected to have a working knowledge of:

DDNS


OUTLINE

1. Introduction

2. Enabling HTTPS and DDNS

2.1 Enabling HTTPS Connections in ADM

2.2 Enabling HTTPS for the web server

2.3 Configuring DDNS

3. Adding a Signed Certificate

3.1 Manually importing a certificate

3.2 Getting a certificate from Let's Encrypt





1. Introduction

HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.
In its popular deployment on the internet, HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks.

Note: Within a local network, connecting to your NAS with its local network IP address through HTTPS will produce an error message informing you that the connection is not secure. This is normal. Within a local network, you can use an HTTP connection instead.


The following are the most common connections using HTTPS on ASUSTOR NAS:

  1. Logging into ADM from a browser to manage, configure and use an ASUSTOR NAS. Click here to enable ADM HTTPS connection and configure the port.
  2. Installing and enabling a web server on the NAS to host personal websites.
    Example: Installing WordPress to host a personal website and have all connections use HTTPS. Click here to learn how to enable web server HTTPS connections and configure ports.


2. Enabling HTTPS and DDNS

Current web browsers place strict restrictions on HTTPS connections. To connect to ADM or a web server through a DDNS URL using HTTPS, a valid TLS/SSL certificate for the domain name must be installed.


2.1 Enabling HTTPS Connections in ADM

  • Log in to ADM using an administrator account.
  • Select [Settings] > [General] > [Management].
  • Select [Enable HTTP Secure (HTTPS)]. The default HTTPS port for ADM is 8001.

To decrease the risks to your NAS when exposed to the Internet, it is advised that the default values for HTTP and HTTPS ports be changed.

  • Select [Automatically change HTTP connections to HTTPS connections.].
  • Click on [Apply] to make the configurations effective.



2.2 Enabling HTTPS for the web server

  • Log in to ADM using an administrator account.
  • Select [Web Center] > [Web Server].
  • Select [Enable secured Web server port]. The default port for Web Server HTTPS is 443. You may configure another port if you wish.
  • Click on [Apply] to make the configurations effective.


  • Select [Services] > [Web Server].



2.3 Configuring DDNS

Before applying for a valid SSL/TLS certificate, you need to set up DDNS first. Click here to configure DDNS settings.




3. Adding a Signed Certificate

There is a default ASUSTOR signed certificate built into ADM, but browsers will not trust this certificate because it is not signed by a third party. Therefore, when you connect to your ASUSTOR NAS using HTTPS, you will see a privacy error message. (Shown in the graphic below using Google Chrome as an example)

You can click on the "Proceed to x.x.x.x (unsafe)" link to skip past this page and log in to ADM. However, in order to correctly verify the identity of your ASUSTOR NAS and ensure secure communication, you must get a signed certificate from a trusted certificate authority and import it into ADM.




3.1 Manually importing a certificate

If you already have a registered domain name, and have a signed certificate from a certificate authority, you can use the following steps to import the certificate into ADM.

If you haven't applied for a valid certificate for your domain name from a trusted certificate authority, click here to obtain a certificate from Let's Encrypt.


STEP 1

  • Log in to ADM, select [Settings] > [Certificate Manager] and then click on [Add].


STEP 2

  • Enter a name for the certificate and then click on [Next].


STEP 3

  • Select [Import your SSL private key and certificate] and then click on [Next].


STEP 4

  • Use the [Browse] buttons to select the [Private Key] (*.key or *.pem), [Certificate] (*.crt or *.pem) and [Intermediate Certificate] (optional) from your local machine and then click [Finish].



3.2 Getting a certificate from Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority (CA), that provides a trusted certificate for free to anyone who owns a domain name. Let's Encrypt issued certificates are recognizable by all Web browsers. The Certificate Manager in ASUSTOR NAS can directly connect to Let's Encrypt to generate a valid certificate and install it automatically. This helps you to enhance NAS security with an SSL connection in a fast and easy way at zero cost.

DNS Challenge support for myasustor.com on ADM 4.1 makes connecting to your NAS securely even easier. Port 80 no longer needs to be forwarded for Let's Encrypt certificates.


  • If you use an ASUS router or some of the routers that use port 80 by default, you may have to manually go to router settings to set up port forwarding for the ADM web server, which is also used for getting Let's Encrypt certificates. Click here to configure ports on the router.
  • Please check if the WAN IP of the NAS with port 80 is forwarding to the ADM web server.
  • Find the WAN IP in Manual Connect under Settings.

  • Enter ‘http://x.x.x.x:80’ into your web browser where ‘x’ represents the values of your NAS IP address.

  • If you see the following page, then you can continue setting up Let's Encrypt certificate acquisition on ADM.


Please enable the web server in ADM and ensure that port 80 or another port that is set in your router is used for the web server. It does not have to use the default port. The default port number is 80.

  • ADM 3.5: Select [Services] > [Web Server].
  • Select [Enable Web server].


  • ADM 4.0: Select [Web Center] > [Web Server].
  • Select [Enable Web server].


Port 80 will be used to perform domain authentication when Let's Encrypt grants and renews certificates. Please be sure that your router forwards port 80 correctly to your NAS for remote connection.


STEP 1

  • Log in to ADM, select [Settings] > [Certificate Manager] and then click on [Add].


STEP 2

  • Enter a name for your certificate, set it as the default certificate and then click on [Next].


STEP 3

  • Select [Create certificate from Let's Encrypt].
  • Install Let's Encrypt ACME Client if the app is not installed on App Central.
  • Click [Next].


STEP 4

  • Enter the following information:
    • [Domain name]: Enter the domain name registered with the domain provider. To use myasustor.com, type your Cloud ID followed by .myasustor.com. For example, cloudid.myasustor.com.
    • [E-mail]: Enter the e-mail address used to register for the certificate. Here you can use your NAS registration email if you want to use it with myasustor.com.
    • [Subject Alternative Name]: If this certificate needs to be used on multiple domains, please enter the names of the other domains. (Not a necessary item.)
    • [Update automatically when certificates expire.]: Let's Encrypt issued certificates will expire after 90 days. By selecting this option, ADM will automatically renew the certificate before the expiration date, if domain verification is successful.
  • Click on [Finish].


  • The Let's Encrypt certificate will be granted to ADM.


  • Enter the NAS URL followed by a colon and port number on your web browser to connect to your NAS through HTTPS.
    Example: https://nasurl.myasustor.com:8001


Certificates for HTTPS connections only protect external connections made through DDNS. When entering the NAS URL to connect to your NAS, a colon followed by the port number found in Settings must be used.
Example: https://nasurl.myasustor.com:8001

Within a local network, connecting to your NAS with its local network IP address through HTTPS will produce an error message informing you that the connection is not secure. This is normal. To continue to ADM, you may need to override this message. In Chrome or Edge, you may need to press "Continue to x.x.x.x (Unsafe)" after showing the advanced options, and in Firefox you'll need to press "Accept the Risk and Continue".
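
The following is an added example, not part of the ASUSTOR tutorial: a Python check that connects to the NAS the way a browser does, so an untrusted certificate, a name mismatch, or a failed automatic renewal is noticed before users see a warning. The function names, the 30-day warning threshold, and the use of the tutorial's placeholder hostname are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed threshold: a 90-day certificate this close to expiry was not renewed


def days_left(not_after, now):
    """Whole days from `now` until a certificate's notAfter timestamp."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(not_after, now, warn_days=WARN_DAYS):
    """Map the remaining lifetime to a status an alert can key on."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    return "renewal-overdue" if remaining < warn_days else "ok"


def check_nas(host, port=8001, timeout=5.0):
    """Validate chain and hostname as a browser does; 8001 is ADM's default HTTPS port."""
    ctx = ssl.create_default_context()  # system trust store, hostname check enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # The default ADM certificate, a connection by LAN IP, or an expired
        # certificate all end up here, matching the browser warning.
        return {"host": host, "status": "untrusted", "detail": exc.verify_message}
    except OSError as exc:  # refused, timed out, DNS failure, handshake error
        return {"host": host, "status": "unreachable", "detail": str(exc)}
    now = datetime.now(timezone.utc)
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"host": host, "status": classify(cert["notAfter"], now),
            "days_left": days_left(cert["notAfter"], now), "names": names}


if __name__ == "__main__":
    # Placeholder hostname from the tutorial; replace with your own DDNS name.
    print(check_nas("cloudid.myasustor.com"))
```

Run it from a machine outside the NAS on a schedule; a status of "renewal-overdue" usually means domain verification is failing and the forwarding or DDNS settings need to be rechecked.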
