News servers configuration section in NZBGet will have a new option Fingerprint which must be set by user manually, something like: Which is a certificate fingerprint check. So instead of trying to verify server certificate I could possibly implement a different approach to improve security and prevent MitM attacks. Although wouldn't it be strange (or suspicious) that some program uses a non-system root certificate store? Well, this collection comes from Mozilla and Firefox does this exact thing (uses it's own certificate collection instead of system store). MacOS has it's own certificate store too.Īn alternative could be to ship a certificate collection within NZBGet package. Windows has it's own certificate store which of course isn't in format expected by OpenSSL. A lot of confusion and this is just on Linux. Interesting reading - A note about SSL/TLS trusted certificate stores, and platforms (OpenSSL and GnuTLS). The big question is where to get that collection? To perform validation a collection of trusted root certificates is needed. im fairly new to some of these terminologies, so excuse my questions and lack of knowledge on the subject.Certificate validation is a difficult thing for NZBGet. I just want to download in security and peace. im not sure what could be causing the interception, any ways of testing/trouble shooting could you offer, i can get logs reports if needed. ![]() However i want to make sure im secure and no prying eyes. lol Its working now that i turned off certcheck option. Thank you for your reply, and now im starting to get worried. One of the goals of TLS / NNTPS is exactly avoiding that.Ĭompare it with going to Amazon or your bank's secure website via TLS / HTTPS, and Chrome says "Website insecure!". ![]() If that interception is not what you want and know, it is bad. You could ignore it (and change the setting), but the fact is something is intercepting your traffic. Most probable causes:ġ) a firewall/virusscanner on your PC intercepting your Newsserver traffic.Ģ) malware on your PC intercepting your Newsserver traffic. So if NZBget on your remote basement pc is reporting a problem, there is a problem in your path, probably on your PC itself. The TLS certificate for is correct, as shown by Thank you all for your greatly needed help and support, Happy New Year. (the reason i want to use basement pc to download NZBs, is because sonarr does not auto rename the files after download is complete on the office pc, i have no idea why, a 2nd problem im trying to fix all in good time) I hope i explained myself clearly, if not please feel free to ask, i have been trying to fix this for months on my own. So now, office pc works just fine, but when i try to download NZBs from the original pc i always use (basement pc) now i constantly get the above mentioned error. (basement pc stores all my media, regardless of which pc i use, they all dump the downloads into basement pc directory). I use my basement pc for the bulk of my NZB downloads (using remote desktop from office pc), and has worked for a long time, using sonarr to rename files for me. "TLS certificate verification failed for : self signed certificate in certificate chain. When i connect from office pc to remote pc (basement pc) and try to download NZBs, which i have set up the same settings (to my knowledge) on the basement pc i get the following error message: ![]() When i use NZB client upstairs (office pc) i can download no problems. let me explain i will try to summarize the best i can. ![]() I had everything setup and was working fine, i stopped using it for a while and now i have nothing but errors. I am fairly new at Usenet and using NZB, i have been using it for maybe 10 months now.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |