The ability to set and configure SSL certificates that don’t display warnings to visitors is an important, but sometime frustrating process. This guide will help anyone trying to create and apply a certificate to a QNAP NAS device. I welcome and appreciate comments that provide issues that have been encountered with this process. Being familiar with certificates in general, I may have missed some of the common issues encountered when attempting to apply SSL certificates.
Background / Additional Information
A couple of notes about this process.
While self-signed SSL certificates can be generated locally, it defeats the purpose of changing or applying new certificates as visitors will more than likely not be able to verify the validity of the certificate. This guide is for generating a csr to provide to a 3rd party certificate authority like StartSSL.
Following the guide to generate certificates for Linux Apache web servers found here will be very important as this guide doesn’t detail the creation of the private key, certificate signing request, or submission of the csr to the certificate authority to generate the final certificate. It also doesn’t cover converting the returned certificate file from cer format to pem format. This process can be found here.
It should also be noted that some understanding of certificates and how they work is required to complete this process.
To generate a csr file to be submitted to a certificate authority, verify that openssl is installed and if it is not, download and install it. The following commands when run on the QNAP NAS will install openssl.
ipkg update ipkg install openssl
Once openssl has been successfully installed, the process for generating a certificate signing request (csr) and submitting it to a certificate authority is very similar to the process on a Linux server running Apache. For details on this process, I have created a document previously on this topic found here. The commands for generating the csr, and converting the certificate file from cer to pem are identical. The only difference is the application of the certificate. The QNAP provides a user friendly web interface that is used to supply the private key and pem certificate file. These are text boxes and require the private key and certificate file to be pasted into them and then applied.
A quick note, when issuing the openssl command, you may receive a warning message like the following: “Can’t open config file: /usr/local/openssl.cnf”. This indicates that the system either can’t find the file, or it is not able to access the file. Determine which is the case and if it not in the specified path, perform a search to determine the location and copy it to the correct location, or check the permissions of the file and update as necessary. A file may be found named openssl.cnf.example. This file can be used by renaming it (I recommend copying it to the new name so you retain the example file) and modifying as needed.
While it might be assumed that applying your own certificate to a QNAP NAS might be a difficult process, if you have any experience with applying certificates, it should be no problem at all.
No troubleshooting steps have been defined at this point.