This post describes how to add a SSL Certificate to the synology NAS device. (tested on DS207+ and DS209 II)
I was amazed how many post on the internet can be found, but none of all are a complete description on how to do this !
– Make sure that Telnet access is enabled (Management Menu, Terminal, enable Telnet)
– Within one of your shared folders on the synology, create a new folder.
i.e.: You have a shared folder like \\ipaddress\generic, create a subfolder like: \\ipaddress\generic\certificate
Login to your synology using telnet:
telnet ipaddress
login using username: root and your admin password
On the prompt you type the following:
cd /usr/syno
mkdir ssl
cd ssl
wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf
The last command downloads the openssl.cnf to your ssl directory.
Then we have to create the private key and some certificate request file (*.csr):
cd /volume1/generic/certificate (where generic/certificate is some folder you created)
openssl genrsa -des3 -out some.key 2048
openssl rsa -in some.key -out some.nopass.key
openssl req -nodes -new -key some.key -out some.csr
Some info will be requested – Look at the end of this document how to fill this in!
(the latter creates the csr file which you have to use to get your certificate from some SSL provider. If you get some error telling you that the openssl.cnf file is missing, then the wget above failed !)
Now you have some files in your shared drive: \\ipaddress\generic\certificate
– some.key
– some.nopass.key (without password)
– some.csr
You can access those files like you always access your files on the synolgy using the filemanager or windows explorer.
Go to some site where they sell SSL certificates and follow the instructions. When they ask you to provide your csr information, open the some.csr on your synology, copy and paste the info into the website. Probably you can then check what’s in the certificate request on the site. The site will deliver a something.CER file which is your certificate.
Now go into the management tool of the synology, go to webservices and click the button ‘import certficate’.
Upload the some.nopass.key as your private key
Upload the something.CER file as your certificate.
The webservice will reboot and now your certificate should work (when accessing the synology using HTTPS !)
What to enter when creating the csr file, just an example !
Country Code: NL (2 letter code)
Province / state: Noord Holland
Locality: Amsterdam city
Organisation: Company Name
Organisation Unit: IT Departement
Common Name: data.website.com (Enter your full qualified domainname here)
Your Email: info@website.com
next to questions you can answer with ‘ENTER’. (as far as I know)
[…] aanvragen van een SSL-certificaat is redelijk simpel. Je moet de stappen zoals die hier beschreven staan volgen (ik had hier een vertaling willen neerzetten, maar de hostingprovider filtert op een aantal […]
Thanks, nice and clear.
Thank you very much, your post are very helpfull for me.
[…] many sources on the net, but most of ths info comess from: Alexander’s Blog. This entry was posted in Synology Fun and tagged DS1010+, DSM3.2, PositiveSSL, Security, SSL, […]
[…] thanks to Alexander van der Sar and this post which some of this is taken […]
[…] https://vdsar.net/wordpress/archives/114 […]
[…] – verschlüsselter key problem synology – Problem mit der fehlenden openssl.cnf beheben – Synology Wiki SSL Zertifikate Categories: Synology Tags: Comments (0) Trackbacks (0) […]
dear author
thank you for your help –>
<<<<<<<<<<<<<<<<<
On the prompt you type the following:
cd /usr/syno
mkdir ssl
cd ssl
wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf
<<<<<<<<<<<<<<<<<<
i also found out that there is no ssl directory and that openssl.cnf is missing… but … i did not know where to find it… but your site helped me to load the file correctly and everything is runnin' fine!!
But …to be honest… THAT should be done by Synology not by the "end user" – I mean, you are technically skilled, so am i…but not everyone is to solve such problem…
THANKS FOR YOUR HELP!!
Thanks for this!
Worked perfectly with my new DS1512+ 🙂
Thanks. Very clear and straight to the point.
It works with DSM 4.0
Perfect, worked a treat, thanks very much for the clear instructions!
I was able to log in etc but when I use the wget command as follows, I get an error:
wget http://123adm.free.fr/home/pages/documents/syno-cert_fichiers/openssl.cnf
Resolving 123adm.free.fr… failed: Temporary failure in name resolution.
Please advise
Hi,
Temporary failure, so try again today.
I just tried to reach the http:123adm….. address using my computer browser and it still exists. Try that too, if you see a file then it might be that the DNS settings on your Synology are not configured properly. In that case it can’t resolve the address.
On your synology go to the configuration panel, choose network and enter your DNS address (might be the addres of your router. Otherwise use the one of your ISP or if you don’t know what those are, just enter 208.67.222.222 for the DNS address (it’s OpenDNS IP Address)
Goal of the wget command is to download that openssl.cnf file to the synology.
Good luck!
alex
Hi,
I managed to do everything as mentioned on my 412+, but I am unable to find a SSL/provider where I can convert my .csr to a .cer file ? I am not planning to buy a certificate.
Can some-one give me a link ?
thx,
Chris
Hi Chris,
Take a look at the link below this comments:
http://scottreed.eu/general/creating-installing-signed-ssl-certificate-synology-nas/
[…] I purchased a SSL certificate from godaddy for files.clientdomain.com, using this article as a guide to install it. Note about this article: I was not able to use some of the directories […]
Thanks a lot, this is so simple !