QNAP [CACert ] [ 1.01 ] Certificate Authority Certificates

QoolBox

Représentant QNAP
2 Janvier 2014
10 599
169
158
50
France
www.qnap.com
The Public Key Inrastructure is used for many security issues in a Linux system.
In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA).
The certificates loaded by this section are from the list on the Mozilla version control system and formats it into a form used by OpenSSL.

The certificates can also be used by other applications either directly of indirectly through openssl.

Gnome-application-certificate-250-crop.png


Download :

http://www.positiv-it.fr/QNAP/APP/CACert_1.00.qpkg.zip
http://www.positiv-it.fr/QNAP/APP/CACert_1.01.qpkg.zip

Dependency :

QPerl

Note :

this qpkg generate the missing Certificate Authority Certificates and remove expired certificates on stop/start of the qpkg
a connection to Internet correctly set is required
 
Does this include GTE CyberTrust Global root https://www.tbs-certificates.co.uk/FAQ/en/31.html ?
 
Stephane by installing these certificates, will the NAS use these by default and not QNAPS own dead CA Certs?

or do I have to do something to the system to make it use these?
 
Ah.. no..


[/share/htdocs/weather/pws] # /share/CACHEDEV1_DATA/.qpkg/Qapache/bin/php /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php
PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php on line 14
PHP Warning: file_get_contents(): Failed to enable crypto in /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php on line 14
PHP Warning: file_get_contents(https://api.wunderground.com/api/xxxxxxxxxxxxxxxxx/conditions_v11/forecast10day/hourly_v11/units:english/lang:EN/q/pws:ICODOWNN2.json): failed to open stream: operation failed in /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php on line 14


how do I get the webserver/php to use these CACerts? PHP 5.6 and above check validity of the https site it is going too.

do I need to edit php.ini or something?
 
Looks like I have sussed it...

edit php.ini (QApache) add:

openssl.cafile=/etc/ssl/certs/rootca.pem

restart Qapache..

[/share/htdocs/weather/pws] # /share/CACHEDEV1_DATA/.qpkg/Qapache/bin/php /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/graphscron1.php

[/share/htdocs/weather/pws] # /share/CACHEDEV1_DATA/.qpkg/Qapache/bin/php /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php

[/share/htdocs/weather/pws] #

No errors, and Values imported to csv and JSON files!

Please add in your OP to Edit php.ini to add the correct path to cacerts