Am Sonntag, 8. Mai 2016, 10:05:15 schrieb Vojtěch Zeisek:
Dne sobota 7. května 2016 17:52:32 CEST, Jan Ritzerfeld napsal(a): [...]
However, if "internal purposes" means that only a limited set of people should access the Web Server of your NAS via a regular domain name then
Yes, it is the case, so that I think own CA is too much work...
Well, it is not that easy, but I think deploying your CA certificate on all the clients might be too much work if you have to persuade the users of the clients to trust all of your certificates even if the ones issued for *.google.com. ;)
upgrade to DSM 6 and use Let's Encrypt to remove the necessity of creating and deploying any CA certificate at all. I cannot do it this way because my NAS is accessible only via VPN, intentionally.
I did upgrade to DSM 6. Do You have experience with Let's Encrypt? I wonder why it needs port 80 opened...
No, because I do not want to expose my NAS to the whole Internet. And Let's Encrypt needs port 80 or 443 opened to validate your ownership of the domain regularly. This is why Let's Encrypt certificates expire pretty soon. So, if you want to restrict access to your NAS via IP addresses, you cannot use the automatic renewal of your certificate and have to do this manually, every 90 days. And this is why "I cannot do it this way" but I still like the idea of Let's Encrypt very much. Gruß Jan -- It's better to keep your mouth shut and appear stupid, than to open it and remove all doubt. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org