"Invalid cipher type" when trying to install ssl certificate

Anything regarding SSL/SSH and other security questions may go here
Forum rules
We've moved! Head over to Synology Community (community.synology.com) to meet up with our team and other Synology enthusiasts!
mpnalvin
I'm New!
I'm New!
Posts: 1
Joined: Sat Nov 19, 2011 8:58 am

"Invalid cipher type" when trying to install ssl certificate

Unread post by mpnalvin » Sat Jun 16, 2012 11:25 pm

Hello all! I'm trying to install a GoDaddy SSL certificate on a Synology 211j. I have successfully used these certificates before with an apache installation, so I believe the certificates are properly formatted. However, when I try to import them from the Control Panel, I get an "Invalid cipher type" message. Do I need to convert my certificates to a different format to work with the NAS?

tao1
I'm New!
I'm New!
Posts: 4
Joined: Sun Jun 24, 2012 5:49 pm

Re: "Invalid cipher type" when trying to install ssl certifi

Unread post by tao1 » Sat Jun 30, 2012 12:00 am

Hi,

I encounter same problem here. In /var/log/messages there's following error:
uploadsslca.cgi: uploadsslca.cpp:277 ProcessJsonReq: checkCAContent failed

Regards,

Laurent.

gorus
I'm New!
I'm New!
Posts: 1
Joined: Tue Sep 25, 2012 1:44 pm

Re: "Invalid cipher type" when trying to install ssl certifi

Unread post by gorus » Tue Sep 25, 2012 1:49 pm

I'm also having the same issue, trying to install a commercial SSL cert that I got from Digicert (http://www.digicert.com/wildcard-ssl-certificates.htm). The SSL cert runs fine on our Apache web servers. However, when I try to import it (public, private, and intermediate files) into our DSM, I get the "invalid cipher type" error. I've searched everywhere I could, but didn't find a solution. It's been 5 days and I still have not gotten a reply to my support ticket. Any ideas on how to fix this?

Dirac
Beginner
Beginner
Posts: 25
Joined: Tue Apr 13, 2010 4:44 pm

Re: "Invalid cipher type" when trying to install ssl certifi

Unread post by Dirac » Wed Oct 10, 2012 6:14 pm

Have any of you gotten resolution on this? I'm having the same problem with a StartSSL Class 1 certificate.

EDIT: Got it. I was using the encrypted private key. In the StartSSL control panel you can go to the toolbox, and you have a Decrypt Private Key option which will allow you to save the decrypted key and import that through the Synology web interface.

samohT
Student
Student
Posts: 68
Joined: Wed Oct 17, 2012 8:06 pm

Re: "Invalid cipher type" when trying to install ssl certifi

Unread post by samohT » Wed Oct 17, 2012 8:50 pm

Hello,

the cert-file must only contain the PEM encoded certificate. Which looks like that:
-----BEGIN CERTIFICATE-----
MIIGLDCCBBSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCR...
...f1C84xeGJwE0A/6ux2CZL8FFI5quHGEGrVtvqYfvk73ehvPz7patkJ54BQdwK
-----END CERTIFICATE-----
Open the file with a text editor. If the file starts with human readable data like that:
Certificate:
Data:
Version: 3 (0x2)
Serial Number...and so on
Than that has to be deleted so that only the encoded certificate remains.

Backup before editing.


Since (AFAIK) the default behaviour of OpenSSL is to include the human readable certificate information into the cert-file, Synology might consider to work on the import check mechanism.
DS112j - DSM 5.0-4458

Locked

Return to “Security/Secured Mods”