Can't get a secure WebDAV Drive Mapping

uk_martin
Trainee
Posts: 13
Joined: Thu Dec 10, 2015 7:24 pm

Can't get a secure WebDAV Drive Mapping

Unread post by uk_martin » Sat Jan 20, 2018 10:52 am

Having read all sorts of articles about WebDAV, I've finally been able to get my NAS Drives mapped to my 64bit Windows 10 running MS Surface Pro 4....well sort of.

I can get drives mapped if I use just the HTTP protocol and connect into port 5005. What isn't happening though is for me to be able to connect to port 5006 using an HTTPS URL. I get to the username / password stage, and when I enter my username and password I get a Network Logon Failure notice.

I've seen it said that Windows requires an SSL certificate, which I have courtesy of Synology, but could it be that this isn't being accepted?

Anyone have any thoughts?

Thanks in advance.

Martin

sincarne
Virtuoso
Posts: 1305
Joined: Wed Feb 15, 2017 9:57 pm

Re: Can't get a secure WebDAV Drive Mapping

Unread post by sincarne » Sat Jan 20, 2018 8:53 pm

The Synology DDNS certificate is self-signed. You need a certificate authority one. Use Let's Encrypt in the security menu.

niceiceman
I'm New!
Posts: 2
Joined: Tue Jan 23, 2018 3:29 am

Re: Can't get a secure WebDAV Drive Mapping

Unread post by niceiceman » Tue Jan 23, 2018 3:52 am

I have installed Let's Encrypt, and the web server is running properly.
WebDAV non-encrypted mode works properly (port 5005).
For WebDAV HTTPS (5006), it can log in to the server and view all file names. It can download small files (e.g. .jpg); however, it cannot download any larger files, no matter whether zip, mp4, avi, etc.

I have installed chain.pem and cert.pem into the Windows 10 and Mac OS X keychains,

but still the problem cannot be solved...

tangofan
I'm New!
Posts: 6
Joined: Sat Oct 12, 2013 4:39 am

Re: Can't get a secure WebDAV Drive Mapping

Unread post by tangofan » Wed Feb 21, 2018 8:09 pm

The step that you might be missing is that you need to select the new certificate as the one that the WebDAV server will serve to the client.

To do so, go to "Control Panel -> Security" and select the "Certificate" tab.
In there, click the "Configure" button, select your new certificate for the WebDAV server and click OK.

That worked for me and I didn't even have to install any pem files in my Windows 10 clients.

niceiceman
I'm New!
Posts: 2
Joined: Tue Jan 23, 2018 3:29 am

Re: Can't get a secure WebDAV Drive Mapping

Unread post by niceiceman » Sat Feb 24, 2018 3:45 am

Thank you so much for your reply! I have tried that already, but it still did not work...

It won't work on both Mac OS and 2 Windows 10 machines' connections.. I dunno what I have done wrong

tangofan
I'm New!
Posts: 6
Joined: Sat Oct 12, 2013 4:39 am

Re: Can't get a secure WebDAV Drive Mapping

Unread post by tangofan » Sat Feb 24, 2018 7:56 am

Ok, I hope that you don't mind that I'm throwing out a few things at you that might be wrong and I hope that I'm not insulting your intelligence.

Since WebDAV over http already works for you, I'm assuming it's not a permission problem. I'm also assuming that you have activated the SSL port for the WebDAV server (standard 5006).

1. I didn't have to install the certificate on the client. The important thing about the SSL certificate is that it is valid for the server, so the server sends the certificate to the client and the client checks the certificate. One of the checks is that the certificate matches the domain in the URL. Assuming your NAS has a static IP on your local network, say at 192.168.1.20, your WebDAV access via http can go to http://192.168.1.20:5005/.... However, that does not work for https, because the server's certificate doesn't match.

Say you got a certificate via LetsEncrypt for the domain bigfatnas.diskstation.me. That means in your WebDAV URL you also need to now use that domain, e.g. your URL should be https://bigfatnas.diskstation.me:5006/... Now this request will not go directly to your diskstation, but go to your router and your router will (or should) do a loopback. It does seem though that some routers don't offer loopback or it's broken. (You can test loopback by installing WebStation on the NAS and temporarily forwarding port 80 from the router to port 80 of the NAS. Then do an http (not https!) request from your client, e.g. http://bigfatnas.diskstation.me If port forwarding works, you'll see a screen from the NAS, saying something like "WebStation has been enabled".)

2. Once this works, you can disable port forwarding for port 80. Test WebDAV again. If it still doesn't work, try to forward port 5006 from the router to the same port on the NAS. Actually you might want to pick a different port for security reasons, e.g. enable port 50060 on the NAS' WebDAV server for SSL and forward that port from your router to the same port on the NAS. Of course now you're exposing your NAS to the internet (but I'm assuming that this is what you want to do). Try again with https://bigfatnas.diskstation.me:50060/...

3. One thing to note is that, when you type this URL (e.g. https://bigfatnas.diskstation.me:50060/ ) directly into your browser, you either get an error that the destination can't be reached or a "Not found" error. (At least those were the error messages under Chrome in Windows.) And in Chrome you can also see if the certificate is accepted or not by the icon next to your browser address bar. If you get a "Not found" reply and the connection is shown as secure, that means that your network connection is working and you just need to add the WebDAV network location.

4. Windows always remembers credentials and other info for the current login session, so I have found that I need to log off and log back on in order to get some things working.

5. If you have the firewall configured on your NAS, make sure that it doesn't block the internal IP of your router, e.g. 192.168.1.1 , because now your requests may look like they're coming from that IP.

That's all I can think of for now. Did it get you any further?
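
The hostname check described in point 1 of the post above, as an added example that is not part of the original thread: `host_matches` is a simplified RFC 6125-style matcher showing why an IP-based URL fails against a certificate issued for a domain, and `diagnose` connects the way a strict client does to tell a certificate rejection apart from a routing or port-forwarding problem. The function names and `SAMPLE_DNS_SANS` are hypothetical; the sample SAN list is constructed from the thread's example domain.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit

def host_matches(host, dns_sans, ip_sans=()):
    """Simplified RFC 6125 check: does `host` match the certificate's SAN entries?"""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches iPAddress SANs, never DNS names.
        return any(ip == ipaddress.ip_address(s) for s in ip_sans)
    host_labels = host.lower().rstrip(".").split(".")
    for san in dns_sans:
        san_labels = san.lower().rstrip(".").split(".")
        if len(san_labels) != len(host_labels):
            continue
        # A wildcard is honoured only as the whole left-most label.
        if san_labels[0] == "*" and len(san_labels) > 2:
            if san_labels[1:] == host_labels[1:]:
                return True
        elif san_labels == host_labels:
            return True
    return False

def diagnose(url, timeout=5):
    """Connect like a strict client and report which layer failed (needs network)."""
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 443
    ctx = ssl.create_default_context()  # system trust store, hostname check enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "TLS OK, SAN: %s" % (tls.getpeercert().get("subjectAltName"),)
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, incomplete chain, expired, or hostname mismatch.
        return "certificate rejected: %s" % exc.verify_message
    except OSError as exc:
        # Refused, timed out, DNS failure: look at loopback, forwarding, firewall.
        return "network problem before or during TLS: %s" % exc

# Constructed sample: SANs of a certificate issued for the thread's example domain.
SAMPLE_DNS_SANS = ["bigfatnas.diskstation.me"]
```

Running `diagnose("https://bigfatnas.diskstation.me:5006/")` from the client that fails to map the drive separates the certificate problems discussed earlier in the thread from the loopback and firewall problems in points 1, 2 and 5.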
