Reztek Systems

Technology, Security, and More


The state of the QNAP NAS and Safari

As we had previously noted, the transformation from an excessively loud hyper converged solution to a commercial off the shelf solution took place a few months back.  About a week ago, we had also noted the procurement of a 2018 Mac mini.  Efforts today related to troubleshooting Safari’s inability to access the management interface when secure HTTP is being enforced has resulted in a game of finger pointing between vendors.

Apple refuses to acknowledge that there is a bug in the way that Safari handles untrusted sites.  This may be a more common occurrence than one would realize.  Default certificates from untrusted sources may be commonly found on consumer gear.  In the event that such a site is accessed by a modern browser, the person behind the keyboard is normally provided with a warning of some variety.  Using Chrome as an example, visiting a site with a certificate mismatch will result in the warning dialog pictured below.

Selecting Advanced and proceeding to the site of a device with a mismatched or invalidated certificate will normally enable you to proceed.  Using Chrome, Internet Explorer, Edge, Firefox and Opera in this scenario provides the ability to log into the QNAP management interface.  When it comes to Safari performing the same exact process, the results were far different.

Selecting Show Details, “visit this website” in the details section, and entering account credentials to confirm that you want to legitimately make a change to your Certificate Trust settings results in an infinite loop of the same process repeating over and over.  “Charles” from Apple Support decided that the solution is to “use another browser” instead of fixing an identified bug.  One has to chuckle at the circa-2018 support from Apple.  While the certificate appeared to have the proper trust settings in Keychain Access, the results of trying to access the management page proved this to be false.  Deleting the offending certificate and allowing it to reimport fixed the glitch.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.