The original post can be found here. Mcat discord. For archiving purposes and quick access I have copied this to my blog.
- Synology Openssl Cpu
- Make OpenSSL/Python Trust Synology's SSL Certificate
- Synology Ssl Certificate Has Changed
United States - English. How can we help?
Synology Openssl Cpu
- Mar 06, 2017 First you create a Certificate Authority (CA) which is the master key that will sign the site usable SSL. Second you need to supply the details for the certificate itself. Creating the self-signed certificate from the Synology control panel has a key step that you must complete or the certificate will be invalid.
- Synology remote access requires a key component called a SSL certificate for securing your data. Webpage warnings can be avoided by adding the domain as a security exception, allowing you to access DSM normally.
- Your disk station (whatever vendor, most probably) offers browser access for administration and so plus a lot of other services that can be (and should be) accessed via SSL, hence: you need a cert. Synology has certificate management in the control panel (rightmost tab in “Security”).
- Secure your Synology Diskstation local IP via Self-Signed SSL Since Google released Chrome version 56 (January 2017) the warnings against HTTP only sites that collect passwords and personal details as well as HTTPS sites with untrusted SSL certificates has been stepped up; and this can only be a good thing for the web.
- At first you should generate a temporary work folder. For example /usr/local/ssl/ and cd to this location.
The generation of SSL-certificates is always in two steps. At first you have to generate a certificate authority key. Then you generate a server certificate out of the certificate authority key. The server certificate will be used when starting the webserver. The certificate authority key has to be installed on the client pc.
- During the key generation you have to enter a passphrase which you need later to generate the certificates. Generate the key ca.key with the following command (openssl is pre-installed on your synology):
- Generation of the key certificate:
- Generation of the final certificate authority key (valid 10 years):
Make OpenSSL/Python Trust Synology's SSL Certificate
![Synology Synology](/uploads/1/3/7/6/137650071/818041588.png)
Synology Ssl Certificate Has Changed
- Generation of the key:
- |Generation of the key certificate – most important is the Common Name. It is important that it matches your DNS-Name. Example: name.dyndns.org. You can also use wildcards like *.name.dyndns.org.
- Generation of the server certificate:
- Change into the Synology certificate folder:
- Make a backup folder for the old files:
- Copy the old files into the backup folder:
- Move the new files to the certificate folder:
- The ca.crt has to be installed on the client workstations. For this we copy the file into the folder public.
- Restart your Synology Station
Finally the certificate has to installed on the client workstations as a trusted certificate authority. Copy the file ca.crt to the client pc. Install it within windows explorer with rightclick -> install certificate.
![Synology ssl certificate has changed Synology ssl certificate has changed](/uploads/1/3/7/6/137650071/589175390.png)
In case something goes wrong, Synology has supplied an easy way to, not restore, but create a set of new and working certificates. This should restore the certificates if importing certificates from the web manager has failed. If you need a telnet or ssh client use PuTTY. What do you get with amazon prime.
- Login as root, using the admin users password, to the Synology NAS drive using telnet or ssh and type the following in the command prompt:
- Allow the script to finish, and type reboot in the prompt.
- In a while the NAS drive should have rebooted, and everything should be fine again.