My Cloud OS 5 HTTPS Redirects

In My Cloud OS 5, we have improved the security of your access to the Admin web dashboard by implementing HTTPS support, which uses Transport Layer Security (TLS) to encrypt and authenticate the communication between your web browser and your NAS device. In order to equip your device with a certificate that can be recognized and validated by your web browser, each NAS device is issued a unique Domain Name System (DNS) name through a Western Digital domain. Using this DNS name allows your browser to access your My Cloud NAS over HTTPS without receiving a certificate validation error from a self-signed certificate.

This domain name is configured to point at the local IP of your My Cloud NAS, and HTTPS traffic for the Admin web dashboard is not sent to Western Digital servers. You can verify this by using the “ping” command or another tool to resolve the IP address of the domain assigned to your NAS (of the form device-local-XXXXXXXX.remotewd.com). This domain will resolve to the IP address of your My Cloud NAS on your local network.

When accessing the Admin web dashboard by IP address, the dashboard will check to see if your access can be upgraded to HTTPS security automatically, and if so, redirect you to use HTTPS. If you are accessing the dashboard without an Internet connection, access will continue to use the local IP address.

We understand that this redirect may have caused customer confusion and are exploring ways that we might improve the experience to make it clear that access to your NAS device is still taking place through your local network.

Additional Information about HTTPS on My Cloud

During Device Setup

  1. When the My Cloud device boots up for the first time in version 5.xx.xxx firmware, the device is registered with a unique device id to the My Cloud database
  2. A DNS entry is created for this device in the My Cloud database
  3. A certificate from Let’s Encrypt is generated for local and direct DNS names

During Admin UI Access

  1. Browser connects to NAS via http://IP
  2. Admin UI is loaded in browser and determines that NAS can be reached over HTTPS
  3. Browser is redirected to https://device-local-XXXXXXXX.remotewd.com
  4. Browser resolves device-local-XXXXXXXX.remotewd.com to local IP address of NAS
  5. Browser checks certificate presented by NAS and validates the HTTPS connection
  6. Browser communicates directly with local NAS to perform Admin UI functions
3 Likes