This post describes how to add a SSL Certificate to the synology NAS device. (tested on DS207+ and DS209 II)
I was amazed how many post on the internet can be found, but none of all are a complete description on how to do this !
- Make sure that Telnet access is enabled (Management Menu, Terminal, enable Telnet)
- Within one of your shared folders on the synology, create a new folder.
i.e.: You have a shared folder like \\ipaddress\generic, create a subfolder like: \\ipaddress\generic\certificate
Login to your synology using telnet:
login using username: root and your admin password
On the prompt you type the following:
The last command downloads the openssl.cnf to your ssl directory.
Then we have to create the private key and some certificate request file (*.csr):
cd /volume1/generic/certificate (where generic/certificate is some folder you created)
openssl genrsa -des3 -out some.key 2048
openssl rsa -in some.key -out some.nopass.key
openssl req -nodes -new -key some.key -out some.csr
Some info will be requested – Look at the end of this document how to fill this in!
(the latter creates the csr file which you have to use to get your certificate from some SSL provider. If you get some error telling you that the openssl.cnf file is missing, then the wget above failed !)
Now you have some files in your shared drive: \\ipaddress\generic\certificate
- some.nopass.key (without password)
You can access those files like you always access your files on the synolgy using the filemanager or windows explorer.
Go to some site where they sell SSL certificates and follow the instructions. When they ask you to provide your csr information, open the some.csr on your synology, copy and paste the info into the website. Probably you can then check what’s in the certificate request on the site. The site will deliver a something.CER file which is your certificate.
Now go into the management tool of the synology, go to webservices and click the button ‘import certficate’.
Upload the some.nopass.key as your private key
Upload the something.CER file as your certificate.
The webservice will reboot and now your certificate should work (when accessing the synology using HTTPS !)
What to enter when creating the csr file, just an example !
Country Code: NL (2 letter code)
Province / state: Noord Holland
Locality: Amsterdam city
Organisation: Company Name
Organisation Unit: IT Departement
Common Name: data.website.com (Enter your full qualified domainname here)
Your Email: email@example.com
next to questions you can answer with ‘ENTER’. (as far as I know)