I bought today:
QNAP SSL certificate license and see the certificate license in myQNAPcloud.
I do not see any possibility to download the license. Is there a guide for inexperienced users? Under transaction record I see the transaction number, which I can copy. The transaction type is: new. I see the price and the status confirmed. Under Details I can download a PDF with the invoice. Thank you for your help. For the import in the NAS Control Panel I need a file .pfx, .p12, .pem, .crt, or .cert.
What are you trying to do with the cert? If exposing the NAS to the web is the goal, beginners often fall into the trap of thinking it would protect them against attacks…it does not!
Even with non-exposed devices there is justification for implementing SSL, especially when accessing the NAS over Wi-Fi and/or taking into account what else may be on the LAN. And even a non-exposed NAS should be running strong passwords and have up-to-date firmware, and that definitely top trumps SSL.
If the WiFi AP requires a password, then WiFi traffic is encrypted. No SSL needed. If it’s a public WiFi AP, then it’s a different story.
What else may be on the LAN? No LAN device can MITM LAN traffic unless it’s a router.
And any LAN device that can’t be trusted should be in a separate LAN anyway (e.g. VLAN).
Man-in-the-middle attempts? Pragmatically/realistically, especially in a domestic environment, how many users run a separate LAN but have multiple IoT devices? In which case, doesn’t SSL add an extra layer of security? Or maybe the user wants to counter a browser issue? I’m not excusing bad behaviour here.
The only reason I can imagine running a server on your LAN with SSL is that your client browser will only work on HTTPS, and won’t accept self-signed certificates. Use a different browser instead.
IoT devices are a good example of things that should be connected only via a separate network segment.
Yes, SSL does add another layer of security. But for the truly paranoid, it won’t be enough (there’s never enough security for them).
SSL is transport security/authentication.
Great against eavesdropping, does nothing against attacks via exploits (the big, big danger of exposing the NAS to WAN).
I am not saying WAN connections should not use SSL, I am saying that it creates a false sense of security (and a source of annoyance in LAN environments, as valid certs are harder to achieve if you are not dealing with FQDNs at home… yes, you can mitigate via DNS changes or local cert authority injections).
A compromised IoT gadget can attempt ARP spoofing and capture admin logins. TLS blocks that. LAN ≠ safe zone.
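
An added example, not part of any post in this thread: one way to check a client's neighbour table for the ARP-spoofing symptom mentioned above, where the gateway's IP resolves to the same MAC address as another LAN host. The sample `ip neigh` output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Linux `ip neigh` output (not captured from a real LAN).
# The gateway 192.168.1.1 resolves to the same MAC as the host at 192.168.1.50.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:50 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 STALE
192.168.1.50 dev eth0 lladdr DE:AD:BE:EF:00:50 REACHABLE
192.168.1.77 dev eth0 FAILED
"""

# Entries without a resolved link-layer address (FAILED, INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")


def parse_neigh(text):
    """Return (ip, mac) pairs for every resolved neighbour entry."""
    entries = []
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).lower()))
    return entries


def find_shared_macs(entries, gateway_ip):
    """Report MAC addresses that answer for more than one IP address.

    A MAC that also answers for the gateway is the classic sign of ARP
    cache poisoning. Hosts with several addresses on one interface, or
    proxy ARP, can legitimately share a MAC, so treat hits as leads.
    """
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    findings = []
    for mac in sorted(by_mac):
        ips = by_mac[mac]
        if len(ips) > 1:
            findings.append({
                "mac": mac,
                "ips": sorted(ips, key=ipaddress.ip_address),
                "claims_gateway": gateway_ip in ips,
            })
    return findings


if __name__ == "__main__":
    for finding in find_shared_macs(parse_neigh(SAMPLE_NEIGH), "192.168.1.1"):
        print(finding)
```
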