SSL Certificate Reuse Vulnerability

The Seagate Business Storage NAS 1, 2 and 4-Bay ships with an SSL certificate that is a static file, so by default the same file is present on every unit. This article describes how to auto-generate a new, unique SSL certificate and key.



(This does not include the Seagate NAS, Seagate NAS Pro, Business Storage 8 or 4-Bay Rackmount NAS models.)

 

Seagate recommends that users of Business Storage NAS products auto-generate a new, unique SSL certificate and key. Once a new key pair is created, it will stay with the unit after upgrades.

The key pair is only used for HTTPS.

 

How to auto generate a new unique SSL Certificate key pair

  1. Open a browser and use the IP address or hostname to log in to the Business Storage NAS Manager page.

  2. Click System on the left.

  3. Click Advanced Settings.

  4. On the right next to Auto-generate Key: click Generate new SSL key.

 

A Warning will report: "The device already has an SSL certificate and key pair. Are you sure you want to generate a new SSL certificate and key pair?"

 

An SSL Certificate/Key Generation form will open.

 
  5. Select the Country Name from the drop-down and fill out the rest of the fields shown below.

 

Country Name:

State or Province Name:

Locality Name:                    (e.g. City)

Organization Name:             (e.g. Company)

Organizational Unit Name:   (e.g. Section)

Common Name:                  (e.g. Your Name)

Email Address:

 
  6. After completing the form, click Submit.

 

A Warning will report, "Generating the RSA private key and a signed certificate in X.509 PEM format may take a few minutes. This process overwrites the existing certificate and key. Once this process has started, DO NOT close the browser or turn off power to the device. Are you sure you want to generate a new SSL certificate and key pair?"

 
  7. Click OK.

 

A box will report, "SSl certificate generated successfully."

 
  8. Click OK, then click Submit.

 

A Warning will report, "The device will use the new SSL Certificate and Key you generated if its web access protocol is 'HTTPS'. Are you sure you want to use the new SSL Certificate and Key now?"

 
  9. Click OK.

 

A new unique SSL Certificate Key Pair has been generated.
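
To confirm the result across several units, the following added example (not Seagate code) fingerprints the certificate each device presents over HTTPS and reports any certificate that appears on more than one host, which is the symptom of units still using the shipped static file. The host names and sample bytes are constructed placeholders; fetch_der() is a hypothetical helper for live use against your own devices.

```python
import hashlib
import socket
import ssl
from collections import defaultdict


def fetch_der(host, port=443, timeout=5.0):
    """Return the DER certificate a device presents on HTTPS, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # self-signed device cert: only its bytes are needed
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def find_shared_certs(certs_by_host):
    """Map fingerprint -> sorted hosts for every certificate seen on more than one host."""
    groups = defaultdict(list)
    for host, der in certs_by_host.items():
        groups[fingerprint(der)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def cert_changed(before_der, after_der):
    """True if the device presents a different certificate after regeneration."""
    return fingerprint(before_der) != fingerprint(after_der)


# Constructed stand-ins for DER bytes (not real certificates).
# Live use: certs = {h: fetch_der(h) for h in your_nas_hosts}
FACTORY = b"constructed-factory-default-cert"
SAMPLE = {
    "nas-a.example": FACTORY,                          # still on the shipped certificate
    "nas-b.example": FACTORY,                          # still on the shipped certificate
    "nas-c.example": b"constructed-regenerated-cert",  # key pair regenerated
}

if __name__ == "__main__":
    for fp, hosts in find_shared_certs(SAMPLE).items():
        print(f"shared certificate {fp[:16]}... on: {', '.join(hosts)}")
```

Recording fetch_der() output before step 1 and again after the final step, then passing both to cert_changed(), shows whether a single unit is actually serving the new certificate.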