What's on my mind!

How to add a SSL certificate to your synology!

This post describes how to add a SSL Certificate to the synology NAS device. (tested on DS207+ and DS209 II)
I was amazed how many post on the internet can be found, but none of all are a complete description on how to do this !

- Make sure that Telnet access is enabled (Management Menu, Terminal, enable Telnet)
- Within one of your shared folders on the synology, create a new folder.
i.e.: You have a shared folder like \\ipaddress\generic, create a subfolder like: \\ipaddress\generic\certificate
Login to your synology using telnet:
telnet ipaddress
login using username: root and your admin password

On the prompt you type the following:
cd /usr/syno
mkdir ssl
cd ssl
wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf

The last command downloads the openssl.cnf to your ssl directory.
Then we have to create the private key and some certificate request file (*.csr):
cd /volume1/generic/certificate (where generic/certificate is some folder you created)

openssl genrsa -des3 -out some.key 2048
openssl rsa -in some.key -out some.nopass.key
openssl req -nodes -new -key some.key -out some.csr
Some info will be requested – Look at the end of this document how to fill this in!

(the latter creates the csr file which you have to use to get your certificate from some SSL provider. If you get some error telling you that the openssl.cnf file is missing, then the wget above failed !)
Now you have some files in your shared drive: \\ipaddress\generic\certificate
- some.key
- some.nopass.key (without password)
- some.csr
You can access those files like you always access your files on the synolgy using the filemanager or windows explorer.

Go to some site where they sell SSL certificates and follow the instructions. When they ask you to provide your csr information, open the some.csr on your synology, copy and paste the info into the website. Probably you can then check what’s in the certificate request on the site. The site will deliver a something.CER file which is your certificate.
Now go into the management tool of the synology, go to webservices and click the button ‘import certficate’.

Upload the some.nopass.key as your private key
Upload the something.CER file as your certificate.

The webservice will reboot and now your certificate should work (when accessing the synology using HTTPS !)

What to enter when creating the csr file, just an example !
Country Code: NL (2 letter code)
Province / state: Noord Holland
Locality: Amsterdam city
Organisation: Company Name
Organisation Unit: IT Departement
Common Name: data.website.com (Enter your full qualified domainname here)
Your Email: info@website.com

next to questions you can answer with ‘ENTER’. (as far as I know)

10 Comments

  1. Neil's Gravatar Neil
    May 28, 2011    

    Thanks, nice and clear.

  2. jbrek's Gravatar jbrek
    August 18, 2011    

    Thank you very much, your post are very helpfull for me.

  3. tilly's Gravatar tilly
    March 4, 2012    

    dear author

    thank you for your help –>
    <<<<<<<<<<<<<<<<<
    On the prompt you type the following:
    cd /usr/syno
    mkdir ssl
    cd ssl
    wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf
    <<<<<<<<<<<<<<<<<<

    i also found out that there is no ssl directory and that openssl.cnf is missing… but … i did not know where to find it… but your site helped me to load the file correctly and everything is runnin' fine!!

    But …to be honest… THAT should be done by Synology not by the "end user" – I mean, you are technically skilled, so am i…but not everyone is to solve such problem…

    THANKS FOR YOUR HELP!!

  4. BreeeZe's Gravatar BreeeZe
    April 20, 2012    

    Thanks for this!
    Worked perfectly with my new DS1512+ :-)

  5. DChrome's Gravatar DChrome
    April 21, 2012    

    Thanks. Very clear and straight to the point.
    It works with DSM 4.0

  6. Ti's Gravatar Ti
    May 1, 2012    

    Perfect, worked a treat, thanks very much for the clear instructions!

  7. Bart's Gravatar Bart
    July 5, 2012    

    I was able to log in etc but when I use the wget command as follows, I get an error:
    wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf

    Resolving 123adm.free.fr… failed: Temporary failure in name resolution.

    Please advise

    • Alexander's Gravatar Alexander
      July 5, 2012    

      Hi,
      Temporary failure, so try again today.
      I just tried to reach the http:123adm….. address using my computer browser and it still exists. Try that too, if you see a file then it might be that the DNS settings on your Synology are not configured properly. In that case it can’t resolve the address.

      On your synology go to the configuration panel, choose network and enter your DNS address (might be the addres of your router. Otherwise use the one of your ISP or if you don’t know what those are, just enter 208.67.222.222 for the DNS address (it’s OpenDNS IP Address)

      Goal of the wget command is to download that openssl.cnf file to the synology.

      Good luck!
      alex

  8. Chris's Gravatar Chris
    October 24, 2012    

    Hi,

    I managed to do everything as mentioned on my 412+, but I am unable to find a SSL/provider where I can convert my .csr to a .cer file ? I am not planning to buy a certificate.
    Can some-one give me a link ?

    thx,

    Chris

  1. ArtikelNU.nl » Blog Archive » Veilig verbinding maken met je Synology NAS via SSL on May 3, 2011 at 00:40
  2. Installing a SSL Certificate on Synology DS1010+, or similar | ClementPangOnline on September 16, 2011 at 02:03
  3. Creating and installing a self signed SSL certificate on Synology NAS on November 2, 2011 at 17:09
  4. Generate certificate on Synology - The IT-Toolbox on November 23, 2011 at 16:20
  5. antraxia.com » Synology und SSL Zertifikate on February 24, 2012 at 19:21
  6. WebDav for external access to Synology Shares via Windows | thegiamarie on February 7, 2014 at 00:01

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>