QNAP [CACert ] [ 1.01 ] Certificate Authority Certificates

[QoolBox]

The Public Key Inrastructure is used for many security issues in a Linux system.
In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA).
The certificates loaded by this section are from the list on the Mozilla version control system and formats it into a form used by OpenSSL.

The certificates can also be used by other applications either directly of indirectly through openssl.

Download :

http://www.positiv-it.fr/QNAP/APP/CACert_1.00.qpkg.zip
http://www.positiv-it.fr/QNAP/APP/CACert_1.01.qpkg.zip

Dependency :

QPerl

Note :

this qpkg generate the missing Certificate Authority Certificates and remove expired certificates on stop/start of the qpkg
a connection to Internet correctly set is required

 

[Toxic]

Does this include GTE CyberTrust Global root https://www.tbs-certificates.co.uk/FAQ/en/31.html ?

 

[CHAP]

Bonjour,

Si on installe ce certificat, supprime t'il le certificat "autosigné " de Qnap ?

Peut-on l'installé sur Qnap ARM (ts-221) ?

JC Chap

 

[QoolBox]

non et non

il te faut QPerl non dispo sur armv5 comme dépendance

 

[CHAP]

Gre.... :x ,je ne peux rien tester avec ce Nas.

Il faut que j'envisage une évolution !

 

[QoolBox]

clairement tu auras plus de flexiblité avec un modèle Intel

 

[Toxic]

Stephane by installing these certificates, will the NAS use these by default and not QNAPS own dead CA Certs?

or do I have to do something to the system to make it use these?

 

[Toxic]

Ah.. no..

[/share/htdocs/weather/pws] # /share/CACHEDEV1_DATA/.qpkg/Qapache/bin/php /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php
PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php on line 14
PHP Warning: file_get_contents(): Failed to enable crypto in /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php on line 14
PHP Warning: file_get_contents(https://api.wunderground.com/api/xxxxxxxxxxxxxxxxx/conditions_v11/forecast10day/hourly_v11/units:english/lang:EN/q/pws:ICODOWNN2.json): failed to open stream: operation failed in /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php on line 14

how do I get the webserver/php to use these CACerts? PHP 5.6 and above check validity of the https site it is going too.

do I need to edit php.ini or something?

 

[Toxic]

Looks like I have sussed it...

edit php.ini (QApache) add:

openssl.cafile=/etc/ssl/certs/rootca.pem

restart Qapache..

[/share/htdocs/weather/pws] # /share/CACHEDEV1_DATA/.qpkg/Qapache/bin/php /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/graphscron1.php

[/share/htdocs/weather/pws] # /share/CACHEDEV1_DATA/.qpkg/Qapache/bin/php /share/CACHEDEV1_DATA/htdocs/weather/pws/cronfiles/stationcron1.php

[/share/htdocs/weather/pws] #

No errors, and Values imported to csv and JSON files!

Please add in your OP to Edit php.ini to add the correct path to cacerts

 

[QoolBox]

updated