Certificate issue accessing My Cloud EX2

About a week ago I got a certificate warning when accessing my EX2 via my shortcut to “WD My Cloud.exe”.

If I try to install the certificate I get the following message:


You are about to install a certificate from a certification authority (CA) claiming to represent:

      zx

Windows cannot validate that the certificate is actually from “zx”. You should confirm its origin by contacting “zx”. The following number will assist you in this process:

Thumbprint (sha1):…(followed by 5 groups of 8 characters)

Warning:

If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click “Yes” you acknowledge this risk. 

Do you want to install this certificate?


Looking into the certificate detail it relates to zx.com which appears to be a Chinese newspaper/magazine and has no apparent connection to Western Digital.

Networking is not my strong point and I have only had my WD EX2 for about 4 months and all has been well up to now.

I sent an email to support 4 days ago but no response. Can anybody help with this please as I am unable to access my EX2. Is this a scam or virus? Should I install the certificate?

Thanks in anticipation.

This looks awfully fishy to me - I wouldn’t trust it. I do not know for sure if that exe is okay or not since I never installed any exe - everything I needed to configure the EX2 was already accessible from a browser. But who knows.

I’m sure it’s not right. Why would I need a certificate to access my own data on my own device?

Hopefully someone knows the answer.

That is definitely not right. What version of the firmware are you running, and have you had cloud access enabled as well as dashboard and SSH access allowed?

I hate to say it, but it definitely appears you have been hacked or have a virus. Could be your EX2 NAS or more likely your PC.

Hi Vertech1

Thanks for your reply.

Firmware is 1.05.21 which I believe is the latest.

Dashboard Access is ON

SSH is OFF (not recommended to be on for the likes of me according to WD website)

When accessing the drive there has always been a WD message suggesting a security alert of this kind might occur and gives an example, but it advises Windows users to just click Yes (to continue).

It does offer answers to the questions:

- Why do these messages appear?

- How can I stop them?

I’ve never clicked on them in the past, but if I do, the hotlinks don’t work, so I don’t know the answers. Maybe you can try it if you get the same message?

I used to click “I Understand” and then access to the drive was allowed but now it goes further and gives the warning I described.

I hope you can understand my explanation.

Incidentally, I can access the drive quite happily without any of the above hassle from my phone and iPad.

Regards

UPDATE

(I inadvertently closed Google Chrome and lost all my input so hoping I can remember everything in the right order)

Ran full virus scan overnight with Kaspersky. No threats detected.

Disconnected the router from the internet and replied “Yes” to each warning about zx (4 times). I could then access the EX2 after clicking “I understand”.

When I next accessed the EX2 I only got the “*.wd2go.com” certificate warning but after selecting “I Understand” I got the “WD My Cloud” screen but it was blank.

Fearing I had inadvertently accepted the zx certificate I looked in my certificate store and under “Other People” I found a certificate issued by zx to zxserver. Checking the properties of the certificate I selected “Disable all purposes for this certificate” and clicked “Apply”. Hopefully this will disable any effects from that certificate.

Reconnected the internet to the router.

The “WD My Cloud” screen remained blank when running the desktop app so I re-installed “WDMyCould_win.exe” but this made no difference. Maybe I need to reboot my PC which I will try after submitting this update.

I’m now scratching my head again but guess I need to delete the zx certificate. I’ll await further guidance.

Regards

Not sure if you’ve solved this yet, but I may have some more information for you regarding this problem, although I can’t promise a solution.

I found your post after searching for “Issued to: zxserver” which was appearing on the security certificate we were getting when trying to connect to an internal webserver, while on our internal network. This was not the certificate assigned on the server and while our internal DHCP and DNS seemed to be configured fine, no problems going to external websites, just internal ones.

After a lot of head scratching, what we did find was that this certificate was assigned to the new broadband router we had been given by the ISP, specifically a Huawei HG659b. The odd thing was that DNS and DHCP were being handled by a separate server, not the router, and shouldn’t have been going through the router for internal traffic at all.

What fixed this for us was that we noticed that the router, while having DHCP disabled for IPv4, still had DHCP for IPv6 enabled. Once we disabled this, no more “zx” security certificate.
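
The check this thread keeps coming back to is which certificate each address behind a name actually presents, and whether its SHA-1 thumbprint matches one you obtained from the device itself. The Python sketch below is an added example, not code from any poster or from WD; the function names are its own, and it assumes the service listens on port 443 and that you already hold the expected thumbprint.

```python
import hashlib
import socket
import ssl


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER certificate, as 5 groups of 8 hex digits."""
    digest = hashlib.sha1(der).hexdigest()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))


def same_thumbprint(expected: str, der: bytes) -> bool:
    """Compare ignoring case, spaces and colons in the pasted value."""
    wanted = "".join(c for c in expected.lower() if c in "0123456789abcdef")
    return wanted == thumbprint(der).replace(" ", "")


def presented_cert(family: int, sockaddr: tuple, server_name: str) -> bytes:
    """Fetch the DER certificate one address presents, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspect only; nothing is installed
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(5)
        raw.connect(sockaddr)
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def audit(host: str, expected: str, port: int = 443) -> list:
    """Return (address, thumbprint or error, matches) per resolved address."""
    results, seen = [], set()
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    for family, _type, _proto, _name, sockaddr in infos:
        if sockaddr[0] in seen:
            continue
        seen.add(sockaddr[0])
        try:
            der = presented_cert(family, sockaddr, host)
            results.append((sockaddr[0], thumbprint(der), same_thumbprint(expected, der)))
        except OSError as exc:  # refused, timed out, or TLS handshake failed
            results.append((sockaddr[0], f"error: {exc}", False))
    return results
```

Calling `audit()` with the device's name and its known thumbprint lists every IPv4 and IPv6 address the name resolves to, so an address that answers with a different certificate stands out.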