prabeau Posted December 16, 2015 Share Posted December 16, 2015 I have installed a new NAS, Synology DS216se to my system, nice change from my old DlinK.The server capabilities of this unit fit my needs. Accessing it from off site troubles me a little, security wise. Any recommendation regards SSL Certificates.Using its quick connect feature ,no port forwarding involved and using a VPN when off site. This server stuff is all new to me ... Would appreciate some advice P Link to comment Share on other sites More sharing options...
thecodeman Posted December 16, 2015 Share Posted December 16, 2015 It's been a while since I've needed to buy one, but used to use Thawte or Verisign back in the day. Link to comment Share on other sites More sharing options...
prabeau Posted December 17, 2015 Author Share Posted December 17, 2015 Thanks Link to comment Share on other sites More sharing options...
Cyknight Posted December 17, 2015 Share Posted December 17, 2015 Thawte Link to comment Share on other sites More sharing options...
Viperman Posted December 17, 2015 Share Posted December 17, 2015 Use goDaddy. They are all just as secure, but godaddy is cheaper. I have a reseller account and can probably save you a little. Having a certificate will not make it any more secure. What it is meant to do it prevent man in the middle attacks. Link to comment Share on other sites More sharing options...
spjuenger Posted December 17, 2015 Share Posted December 17, 2015 It does make your site safer as it will encrypt the data on the wire. It does help protect from man in the middle attacks, but it will also keep your password safe during authentication. Link to comment Share on other sites More sharing options...
prabeau Posted December 17, 2015 Author Share Posted December 17, 2015 It does make your site safer as it will encrypt the data on the wire. It does help protect from man in the middle attacks, but it will also keep your password safe during authentication.Thanks for that info I am confused enough in the process of acquiring this certificate I was about to give up on it. Link to comment Share on other sites More sharing options...
phileaton Posted December 17, 2015 Share Posted December 17, 2015 If you own a domain that you use to access you server you should have a lot of options. Something like this would probably work for personal use: https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx If you don't own a domain you may need to buy a cert from Synology. Link to comment Share on other sites More sharing options...
prabeau Posted December 17, 2015 Author Share Posted December 17, 2015 If you own a domain that you use to access you server you should have a lot of options. Something like this would probably work for personal use: https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx If you don't own a domain you may need to buy a cert from Synology. I went with go dady (not cheap) for SSL but domain was.I tried Comodo but validation was a nightmare would only do it on domain email which I don't have and don't need. Was good learning anyway. Thanks to all. Link to comment Share on other sites More sharing options...
Viperman Posted December 20, 2015 Share Posted December 20, 2015 It does make your site safer as it will encrypt the data on the wire. It does help protect from man in the middle attacks, but it will also keep your password safe during authentication. A certificate does not do that. Yes an SSL connection will do that. But no that does not matter if you have a publicly available certificate or a self signed cert. The certificate also does not keep your password safe. This is how the process works. 1. You connect to an SSL enabled website. The website will present that certificate back to you. a. If that certificate is from a trusted certificate authority like thawte, verisign, go daddy or whomever then you won't get prompted.b. If that certificate is from a non-trusted certificate authority then you will get a pop up saying this certificate is not trusted. And then it will ask you to move on. 2. Now it will exchange keys between the client and the server. The key exchange process is usually a 2048 bit key exchange.3. Now you have an encrypted connection. You are browser limited to 128 bit encryption. Whether you use a self signed or publicly available certificate does not change the encryption level. It only shows that it is from a trusted authority. Either way you go everything is encrypted with at least 128 bit encryption. And for those of you that are in need of certs as I mentioned before I am a godaddy reseller so they are pretty cheap. I think my cost is around $12 per cert, unless you go with a UAC cert, or a wildcard cert, which no one here should need. I think UAC are around $48 for 5 names or so. Don't remember wildcard prices, maybe ~$300 Link to comment Share on other sites More sharing options...
spjuenger Posted December 20, 2015 Share Posted December 20, 2015 A certificate does not do that. Yes an SSL connection will do that. But no that does not matter if you have a publicly available certificate or a self signed cert. The certificate also does not keep your password safe. You are correct in all you stated, but incorrect in assuming "It" meant certificate. The "It" in my statement was referring to using a certificate for SSL which is what Prabeau asked about. Link to comment Share on other sites More sharing options...
rosenqui Posted December 21, 2015 Share Posted December 21, 2015 These guys are in a public beta and the price is right: free https://letsencrypt.org/ Their intermediate CA certs are cross-certified by IdenTrust, so they're trusted by all major web browsers. Link to comment Share on other sites More sharing options...
spjuenger Posted December 21, 2015 Share Posted December 21, 2015 These guys are in a public beta and the price is right: free https://letsencrypt.org/ Their intermediate CA certs are cross-certified by IdenTrust, so they're trusted by all major web browsers. That is a nice find. I'll have to check into these guys. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.