I suck at linux, so while the concept of "backup file before editing" is probably dead simple to some, i don't even know where to start.
i know you can google all that info but let me just type out what i did to change the mkcert.sh and executing it.
i am running DSM 2.2, i enabled SSL(https) under Webservices since i wanted to expose FileStation to the internet. I have a domain name which will forward http://sub.domain.com
. (this was done on the forwarding option on godaddy).
you cannot forward to a specific port number at this point. but i needed it to work without having to type any port number.
on my router/firewall (linksys) i opened port 443(https) to forward to my diskstation. this will allow requests via https default port 443 to hit my diskstation.
problem is i need it to hit port 7001 to get to the filestation app.
So i enabled Webstation and added a virtual host (plenty instructions available for that)
i created a virtual host in the same section, picked a folder name "subredir" set the hostname to my sub.domain.com and selected https as protocol, port 443.
even if you would pick 7001 here, i dont think you can redirect a url at the dns level(godaddy) to a different port. this has to happen at the webserver.
now if i browsed to sub.domain.com, i would hit my virtual host on the diskstation and whatever is in that folder "subredir".
now I created a index.html page in notepad (rename the txt -> html) and inserted
- Code: Select all
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<meta http-equiv="REFRESH" content="0;url=https://sub.domain.com:7001"></HEAD>
Optional page text here.
now hitting that site would forward the browser to https://sub.domain.com:7001
before this works, you have to go to your router again an add another forward to your diskstations IP on port 7001.
now to the certificate part.
I enabled telnet and ssh access at network services and terminal.
I downloaded and ran WinSCP on my windows laptop, logged in as root (used admin pass) to my diskstation(hostname of syno box) ; ignored the errors and warning and continued on to get to the browser interface and browsed to /usr/syno/etc/ssl. created a backup folder and duplicated the three folders and one file from the ssl directory into the backup directory. this solved my lack of knowledge as to how to do that via commandline.
then I telneted to the diskstation; CMD for the win command window(dos screen). typed "telnet diskstation" or whatever the host name of your device is. log in as root (admin password) again.
as DinTid wrote: type and run (enter)
you can navigate the file with the arrow keys on your keyboard, to get familer with it.
you cannot make any edit in this current mode.
type: i [enter]
this will allow you to edit the file.
as rickywk said, you want to edit the data in lines 69-75, 168-174
to make sure I was not messing up too much stuff at once, I only edited the one line that appeared to be relevant to the url of my domain name.
line 173. the line count is displayed at the bottom of you command window.
it originally states synology.com.
I replaced it with *.mydomain.com
the * should allow multiple sub.domain.com addresses to be used. however I am no expert on SSL certs. so you could also put sub.domain.com in there.
I left the rest of the file alone, I can edit it later once I have confirmed that I am actually able to generate a new cert with this change.
now hit the ESC key to exit out of the edit/insert mode of the file.
it was mentioned to type :gw to save the file, that didn’t work for me, I got an error
I typed :w to write the changes the ":" is part of the command you type
and then :q to close the file
the screen should get you back to the same command you started at Diskstation> with a blinking cursor
now use the commands Dintid posted
cd /usr/syno/etc/ssl/ press [ENTER]
./mkcert.sh press [ENTER]
your cmd window will run through the script
once done, go to your diskstation admin console in the browser and restart it.
now I brwosed to https://sub.domain.com
, I still get cert warnings, ignored them, to get to the filestation login page then clicked in IE8 on the certificate error button visiable at the end of the address bar. clicked view certificate. now I was able to see the details of the cert
and sure enough it showed my new url in the cert. success. (now that you know it worked, you could edit the rest of the lines mentioned above to show your name/state/email/etc)
the initial errors you see in IE should now only complain about it coming from an untrusted source, of course, as your diskstation, the source of this ssl cert is not trusted like verisign/twarte in the eyes of IE.
what I have not figured out how to import this cert to IE and trust it, which should eliminate all the warnings. however my company controls some of the security settings in IE and I may just be stuck with the warning unless I pay for a cert from a third party.
if someone has some input on how to get the self signed cert trusted in IE and/or if there is a better way to get the port forwarding to work, I am all ear. ( as a site note, I have other sites hosted on a different server behind the same firewall, so I cant forward all ports to the diskstation by default. it needs to respond based on a hostname.)
please excuse my bad writing, I just had my right arm operated on an typing this one handed with my left.