Certificate Expired - Impact Ssecurity in 1.8.0 in QNAP

So I realized today that I was running the 1.4.1 version in my QNAP (the version they still have in their “app store” as latest" so I downloaded the 1.8.0 and when installing it I am getting the warning about “Digital Signature Warning, The certificates for this application have expired, installing this application may impact NAS security”. It let me install it anyways and now in the QNAP apps Duplicacy has a special icon saying the same, so I wonder what’s going on because of course it concerns me.

Hey there,

It’s fair to say that Duplicacy provides the option to update or use custom certificates, which helps address security concerns related to expired certificates. Here’s a quick rundown:

Custom Certificates

Duplicacy Web Edition (v1.5.0 and later) allows you to use your own SSL certificates. You can place your certificates in the ~/.duplicacy-web/certs directory with the files named domain.crt (for the full chain certificates) and domain.key (for the private key) [❞].

Certificate Management

By using custom certificates, you can ensure your certificates are always up to date and issued by a trusted authority. This flexibility is crucial for maintaining secure communication between Duplicacy and your browser or other services.

Security Concerns

  • Expired Certificates: An expired certificate might trigger security warnings, but this does not mean the software is compromised. It simply means the certificate hasn’t been renewed, so your system can’t automatically verify the software’s authenticity.
  • Custom Certificates: Allowing custom certificates lets you manage your security credentials independently, maintaining a high level of security.

I don’t view this as an issue , long as your foe loading duplicacy from the correct location

Implementing your own certificates in Duplicacy is a good practice to ensure secure communications. This feature gives you control over your SSL/TLS configurations and helps maintain security by using up-to-date and trusted certificates.

For more detailed guidance, check out these resources:

Hope this helps!