Synology Inc. Online Community Forum

Synology Inc. Online Community Forum

Skip to content

"Invalid cipher type" when trying to install ssl certificate

Anything regarding SSL/SSH and other security questions may go here
Forum rules
Please note the disclaimer before modifying your Synology Product.
Post a reply

"Invalid cipher type" when trying to install ssl certificate

Postby mpnalvin » Sat Jun 16, 2012 11:25 pm

Hello all! I'm trying to install a GoDaddy SSL certificate on a Synology 211j. I have successfully used these certificates before with an apache installation, so I believe the certificates are properly formatted. However, when I try to import them from the Control Panel, I get an "Invalid cipher type" message. Do I need to convert my certificates to a different format to work with the NAS?
mpnalvin
I'm New!
I'm New!
 
Posts: 1
Joined: Sat Nov 19, 2011 8:58 am
Top

Re: "Invalid cipher type" when trying to install ssl certifi

Postby tao1 » Sat Jun 30, 2012 12:00 am

Hi,

I encounter same problem here. In /var/log/messages there's following error:
uploadsslca.cgi: uploadsslca.cpp:277 ProcessJsonReq: checkCAContent failed

Regards,

Laurent.
tao1
I'm New!
I'm New!
 
Posts: 3
Joined: Sun Jun 24, 2012 5:49 pm
Top

Re: "Invalid cipher type" when trying to install ssl certifi

Postby gorus » Tue Sep 25, 2012 1:49 pm

I'm also having the same issue, trying to install a commercial SSL cert that I got from Digicert (http://www.digicert.com/wildcard-ssl-certificates.htm). The SSL cert runs fine on our Apache web servers. However, when I try to import it (public, private, and intermediate files) into our DSM, I get the "invalid cipher type" error. I've searched everywhere I could, but didn't find a solution. It's been 5 days and I still have not gotten a reply to my support ticket. Any ideas on how to fix this?
gorus
I'm New!
I'm New!
 
Posts: 1
Joined: Tue Sep 25, 2012 1:44 pm
Top

Re: "Invalid cipher type" when trying to install ssl certifi

Postby Dirac » Wed Oct 10, 2012 6:14 pm

Have any of you gotten resolution on this? I'm having the same problem with a StartSSL Class 1 certificate.

EDIT: Got it. I was using the encrypted private key. In the StartSSL control panel you can go to the toolbox, and you have a Decrypt Private Key option which will allow you to save the decrypted key and import that through the Synology web interface.
Dirac
Beginner
Beginner
 
Posts: 23
Joined: Tue Apr 13, 2010 4:44 pm
Top

Re: "Invalid cipher type" when trying to install ssl certifi

Postby samohT » Wed Oct 17, 2012 8:50 pm

Hello,

the cert-file must only contain the PEM encoded certificate. Which looks like that:

-----BEGIN CERTIFICATE-----
MIIGLDCCBBSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCR...
...f1C84xeGJwE0A/6ux2CZL8FFI5quHGEGrVtvqYfvk73ehvPz7patkJ54BQdwK
-----END CERTIFICATE-----


Open the file with a text editor. If the file starts with human readable data like that:

Certificate:
Data:
Version: 3 (0x2)
Serial Number...and so on


Than that has to be deleted so that only the encoded certificate remains.

Backup before editing.


Since (AFAIK) the default behaviour of OpenSSL is to include the human readable certificate information into the cert-file, Synology might consider to work on the import check mechanism.
DS112j - DSM 4.1-2668
samohT
Student
Student
 
Posts: 65
Joined: Wed Oct 17, 2012 8:06 pm
Top
Post a reply

Return to Security/Secured Mods

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Group