No one can pretend to be the news server unless he has the original server certificate.
NZBGet will validate fingerprint and report an error and stop connecting if it doesn't match. News servers configuration section in NZBGet will have a new option Fingerprint which must be set by user manually, something like: Which is a certificate fingerprint check. So instead of trying to verify server certificate I could possibly implement a different approach to improve security and prevent MitM attacks. Although wouldn't it be strange (or suspicious) that some program uses a non-system root certificate store? Well, this collection comes from Mozilla and Firefox does this exact thing (uses it's own certificate collection instead of system store). MacOS has it's own certificate store too.Īn alternative could be to ship a certificate collection within NZBGet package.
Nzbget ssl windows#
Windows has it's own certificate store which of course isn't in format expected by OpenSSL. A lot of confusion and this is just on Linux. Interesting reading - A note about SSL/TLS trusted certificate stores, and platforms (OpenSSL and GnuTLS). The big question is where to get that collection? To perform validation a collection of trusted root certificates is needed. I'll dost likely make another post once I am more comfortable with everything and have a setup in mind for advice.Certificate validation is a difficult thing for NZBGet. Planning on moving over to a QNAP NAS later, just wanted to familiarize myself with as much as possible first. I believe I don't need to do the SSL or VPN (?). I'm reading up on these, but am leaning towards Reverse proxy option. Reverse proxy w/dynamic DNS (Forwarding fewer ports) Port forwarding (Tried to do this initially, along with making staticIP, before installing anything. I'm looking to remote in for NZBGet, Sonarr, Plex, etc. You mentioned SSL for all of NZBGet to remote from outside the network (phone, tablet, PC, Amazon Fire, Kodi, etc). The SSL/TSL option I enabled is under the News-Server page in the Sdttings. I managed to get it working thanks to your suggestion of port 80. Instead, it accidentally replied to the parent thread instead. Only problem now is"Error reading diskstate: could not open file.\queue\xxxx: No such file or directory" Cheers!ĮDIT: Changed port to 80 and connection looks fine for now!
Nzbget ssl how to#
I am still learning about how to use Usenet, so please bear with me a bit. Thank you for reading this and I appreciate any help that I can get.
Will I have to live with this issue? Or perhaps disable the SSL option in NZBGet, which is not recommended I imagine?Īll I want are decent speeds, along with safety and security while downloading. I am wondering if there are other cases of this, and if there are any fixes for this. The rest of my devices on my network still have internet access, along with the computer. for 10 seconds" Speeds would go to 0KB/s for minutes, or would go only 450KB/s or so. After awhile, there were disconnects and error messages coming up. The first time I used it, my speeds were around 5MB/s. My problem starts when I try downloading files.
Nzbget ssl verification#
I used the workaround for self-signed certificates that was listed on the NZBGet certificate verification page, getting the certificate and manually inputting it into a copy of cacert.pem. I used the SSL addresses for NGD (us.:563) for NZBGet w/SSL enabled, but received connection errors when testing.
Nzbget ssl windows 10#
My setup is: Windows 10 / Newsgroupdirect (NGD?) / NZBGet v20 Right now I'm confused about this problem, and I tried looking online for the same issue, but came up with no solution. I have a number of questions, but I will save those for later. I just started using Usenet and dipped my toes in for the first time.
0 kommentar(er)
