How to add a SSL certificate to your synology!

Home/Computer How-To, Uncategorized/How to add a SSL certificate to your synology!

How to add a SSL certificate to your synology!

This post describes how to add a SSL Certificate to the synology NAS device. (tested on DS207+ and DS209 II)
I was amazed how many post on the internet can be found, but none of all are a complete description on how to do this !

– Make sure that Telnet access is enabled (Management Menu, Terminal, enable Telnet)
– Within one of your shared folders on the synology, create a new folder.
i.e.: You have a shared folder like \\ipaddress\generic, create a subfolder like: \\ipaddress\generic\certificate
Login to your synology using telnet:
telnet ipaddress
login using username: root and your admin password

On the prompt you type the following:
cd /usr/syno
mkdir ssl
cd ssl
wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf

The last command downloads the openssl.cnf to your ssl directory.
Then we have to create the private key and some certificate request file (*.csr):
cd /volume1/generic/certificate (where generic/certificate is some folder you created)

openssl genrsa -des3 -out some.key 2048
openssl rsa -in some.key -out some.nopass.key
openssl req -nodes -new -key some.key -out some.csr
Some info will be requested – Look at the end of this document how to fill this in!

(the latter creates the csr file which you have to use to get your certificate from some SSL provider. If you get some error telling you that the openssl.cnf file is missing, then the wget above failed !)
Now you have some files in your shared drive: \\ipaddress\generic\certificate
– some.key
– some.nopass.key (without password)
– some.csr
You can access those files like you always access your files on the synolgy using the filemanager or windows explorer.

Go to some site where they sell SSL certificates and follow the instructions. When they ask you to provide your csr information, open the some.csr on your synology, copy and paste the info into the website. Probably you can then check what’s in the certificate request on the site. The site will deliver a something.CER file which is your certificate.
Now go into the management tool of the synology, go to webservices and click the button ‘import certficate’.

Upload the some.nopass.key as your private key
Upload the something.CER file as your certificate.

The webservice will reboot and now your certificate should work (when accessing the synology using HTTPS !)

What to enter when creating the csr file, just an example !
Country Code: NL (2 letter code)
Province / state: Noord Holland
Locality: Amsterdam city
Organisation: Company Name
Organisation Unit: IT Departement
Common Name: data.website.com (Enter your full qualified domainname here)
Your Email: info@website.com

next to questions you can answer with ‘ENTER’. (as far as I know)

By | 2016-10-30T21:20:21+00:00 February 22nd, 2010|Computer How-To, Uncategorized|17 Comments

About the Author:

Admin and owner of this website.

17 Comments

  1. […] aanvragen van een SSL-certificaat is redelijk simpel. Je moet de stappen zoals die hier beschreven staan volgen (ik had hier een vertaling willen neerzetten, maar de hostingprovider filtert op een aantal […]

  2. Neil May 28, 2011 at 14:52 - Reply

    Thanks, nice and clear.

  3. jbrek August 18, 2011 at 16:19 - Reply

    Thank you very much, your post are very helpfull for me.

  4. […] many sources on the net, but most of ths info comess from: Alexander’s Blog. This entry was posted in Synology Fun and tagged DS1010+, DSM3.2, PositiveSSL, Security, SSL, […]

  5. […] thanks to Alexander van der Sar and this post which some of this is taken […]

  6. […] – verschlüsselter key problem synology – Problem mit der fehlenden openssl.cnf beheben – Synology Wiki SSL Zertifikate Categories: Synology Tags: Comments (0) Trackbacks (0) […]

  7. tilly March 4, 2012 at 13:50 - Reply

    dear author

    thank you for your help –>
    <<<<<<<<<<<<<<<<<
    On the prompt you type the following:
    cd /usr/syno
    mkdir ssl
    cd ssl
    wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf
    <<<<<<<<<<<<<<<<<<

    i also found out that there is no ssl directory and that openssl.cnf is missing… but … i did not know where to find it… but your site helped me to load the file correctly and everything is runnin' fine!!

    But …to be honest… THAT should be done by Synology not by the "end user" – I mean, you are technically skilled, so am i…but not everyone is to solve such problem…

    THANKS FOR YOUR HELP!!

  8. BreeeZe April 20, 2012 at 20:24 - Reply

    Thanks for this!
    Worked perfectly with my new DS1512+ 🙂

  9. DChrome April 21, 2012 at 19:22 - Reply

    Thanks. Very clear and straight to the point.
    It works with DSM 4.0

  10. Ti May 1, 2012 at 11:35 - Reply

    Perfect, worked a treat, thanks very much for the clear instructions!

  11. Bart July 5, 2012 at 01:37 - Reply

    I was able to log in etc but when I use the wget command as follows, I get an error:
    wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf

    Resolving 123adm.free.fr… failed: Temporary failure in name resolution.

    Please advise

    • Alexander July 5, 2012 at 07:22 - Reply

      Hi,
      Temporary failure, so try again today.
      I just tried to reach the http:123adm….. address using my computer browser and it still exists. Try that too, if you see a file then it might be that the DNS settings on your Synology are not configured properly. In that case it can’t resolve the address.

      On your synology go to the configuration panel, choose network and enter your DNS address (might be the addres of your router. Otherwise use the one of your ISP or if you don’t know what those are, just enter 208.67.222.222 for the DNS address (it’s OpenDNS IP Address)

      Goal of the wget command is to download that openssl.cnf file to the synology.

      Good luck!
      alex

  12. Chris October 24, 2012 at 22:25 - Reply

    Hi,

    I managed to do everything as mentioned on my 412+, but I am unable to find a SSL/provider where I can convert my .csr to a .cer file ? I am not planning to buy a certificate.
    Can some-one give me a link ?

    thx,

    Chris

  13. […] I purchased a SSL certificate from godaddy for files.clientdomain.com, using this article as a guide to install it. Note about this article: I was not able to use some of the directories […]

  14. fabien August 27, 2016 at 13:34 - Reply

    Thanks a lot, this is so simple !

Leave A Comment