Synology Inc. Online Community Forum

[vaya_putada]

With newer versions of DS is so simple to add a certificate to the DS.

You can do it with the wizard under "Web Station" configuration in the control panel. Is not necessary to do this procedure. I did it in the past, but now I have my certificate correctly installed without doing anything of this.

Probably you need it if you want to use the certificate for other purposes, for example VPN or others... But if you only need it for WebStation, is not necessary to do this.

Regards!

[luckman212]

Hello,
I have tried to use StartSSL to create an SSL cert for my DS712, DSM4.1 final. It works from IE and Chrome but not Firefox. In Firefox I have the famous "The certificate is not trusted because no issuer chain was provided" error. I have not used the command line method, rather I imported the certificates via the DSM GUI. Is that my mistake? I think somehow the intermediate cert "sub.class1.server.ca.pem" has not installed correctly. Has anyone followed these steps with success on DSM 4.1? So many .crt, .csr, .key, .pem, .ca files my head is spinning.

[luckman212]

Well I am back to report some success although I am still a bit confused. I was able to solve the Firefox intermediate CA problem by manually adding in the following lines to /usr/syno/apache/conf/extra/httpd-ssl.conf-common :

Code: Select all

SSLCertificateChainFile /usr/syno/etc/ssl/ssl.root/sub.class1.server.ca.pem
SSLCACertificateFile /usr/syno/etc/ssl/ssl.root/ca.pem

And then restarting Apache:

/usr/syno/etc/rc.d/S97apache-sys.sh restart
/usr/syno/etc/rc.d/S97apache-user.sh restart

It seems like the GUI screen within DSM under Control Panel > Web Services > HTTP > Import Certificates may be broken?

Not sure where this intermediate CA gets added but I tried grep'ing through the entire /usr/syno/apache/conf/ directory looking for 'sub.class1.server.ca.pem' and didn't find it until I manually added it using the steps above. ???

[luckman212]

So- Does anyone know about why the intermediate CA does not seem to work when added via the GUI?

[ErikD]

I installed the startSSL certificate using the GUI, including the CA certificate sub.class1.server.ca.pem from http://www.startssl.com/certs/
It's working fine. But since that time I can't use https with Ds Audio on iOS. (check IP adress from Diskstation).
DS File with https is working, so is DS Audio without https
Could there be a relation between the certificate and the disfuntioning of DS Audio https?
Is there any way to remove the certificates to test this?

[ALBINALI]

Please i need help !
which file from GUI should i keep in:
1- Privte ket
2- Certificate
3- Intermediate
??

[GNOE Inc.]

Please i need help !
which file from GUI should i keep in:
1- Privte ket
2- Certificate
3- Intermediate
??

- At location 'Private Key:' browse to the 'some.nopass.key'-file (made in step 4)
- At location 'Certificate:' browse to the 'ssl.crt'-file (made in step 8.8 )

Intermediate ->> - sub.class1.server.ca.pem (intermediate CA certificate)

[ALBINALI]

Please i need help !
which file from GUI should i keep in:
1- Privte ket
2- Certificate
3- Intermediate
??

- At location 'Private Key:' browse to the 'some.nopass.key'-file (made in step 4)
- At location 'Certificate:' browse to the 'ssl.crt'-file (made in step 8.8 )

Intermediate ->> - sub.class1.server.ca.pem (intermediate CA certificate)

Thank you so much for trying to help me , but is the startsll free acount work fine with this?

[GNOE Inc.]

It's all free!

[ALBINALI]

but as understand that thawte trial is for 30 day only !
and the startsll in one year !
sorry if it is not clear to me !

[GNOE Inc.]

StartSSL™ Free

The StartSSL™ Free (Class 1) certificates are domain or email validated and mostly referred to as the free certificates. Because the checks are performed mostly by electronic means, they require only minimal human intervention from our side. The validations are here to make sure, that the subscriber is the owner of the domain name, resp. email account. You may find additional information on this subject in our CA policy.

The StartSSL™ Free certificates are intended for web sites which require protection of privacy and prevent eavesdropping. However information presented within these certificates, except the domain name and email address, are not verified. Should you need higher validated certification, please check out our StartSSL™ Verified (Class 2) certificates.

100% Free The StartCom Certification Authority, provides the StartSSL™ Free certificates instantly, without limitations and free of charge under the condition, that the subscriber provides his/her complete, correct personal details and accepts the Subscriber Obligations of the StartCom CA Policy. Secure your web server and mail traffic now by using the Certificate Control Panel

[ALBINALI]

Thank you for your help seems that i need to do the steps again some thing wrong with what i do

[ALBINALI]

New problem apper to me , now when i remove the https option from the DSM and try to login to my DS it is not login and when i enable it it is not login with port 5001 but it is login with port 5000 ??
so my ddns apper like this:
https://++++++.synology.me:5000
how could this be ?
now i want to remove the https option i remove all the teck from the option and it is not work

[ALBINALI]

I don`t know what is happen i just restart the router and the http ddns work but the https it is not work hehehehehe , even if i enable it i don`t wanna enable the auto redirect to https

[ALBINALI]

Hello GNOE Inc.,

Please i follow the steps is this thread
http://mikebeach.org/2012/11/13/startssl-ssl-certificate-on-synology-nas-using-subdomain/
everything was fine until i need to save the certificate in file i just copy it to a text file and after that when i copy it again from the text file it is appear this is not the right way to save a code !

so please can you help me to find a way to safe this code so i can create this SSL file