Scenario: you uploaded a corrupted SSL Cerificate to your SSL Configuration (Web Service/HTTP Service) on your Synology DS
Resolution: if you have Telnet or SSH enabled, connect to the Synology DS and login as root. Then run the following commands:
cd /usr/syno/etc/ssl/
./mkcert.sh
Afterwards type reboot at the command prompt. Your Synology DS should restart.
Now you will have to create a correct SSL Certificate.
1. Firstly we need to use Telnet or SSH.
2. Next open up you Telnet/SSH Client
3. Now log on to your Synology DS. The username is “root” and the password is the one you chose during initial configuration of your Synology DS.
4. Type each of the following
cd /usr/syno
mkdir ssl
cd ssl
wget http://www.pbnet.ro/syno/openssl.cnf
This will install the openssl content in to the Synology DS so it can be used.
Creating and installing the SSL certificate
1. Log on to the web interface of the Synology DS. Create a folder under one of the main shared folders that you have access to and can download from that we can use to create the ssl files.
2. Log on as “root”
3. Type cd /volume1/home. There create a directory called certificates by typing MKDIR certificates. Change the directory to that folder: CD /volume1/home/certificates
4. Next enter the following lines. Use whatever key you like on the first command, then re-enter it when prompted on each of the other steps. When prompted for information enter what you like but for name make sure you enter the public domain of your Synology DS. Also for the final line the parameter -days denotes how long the SSL certificate will last.
openssl genrsa -des3 -out some.key 2048
openssl rsa -in some.key -out some.nopass.key
openssl req -nodes -new -key some.key -out some.csr
openssl x509 -req -in some.csr -signkey some.key -out some.crt -days 365
5. This will have now created a certificate file and the key you need. Download the following files to your desktop (using \\IP of your Synology DS)
some.nopass.key
some.crt
6. Now login to the web interface of your Synology DS, go to the control panel, DSM Settings, HTTP Service, Check “Enable HTTPS Connections for web services” and click the button marked “Import Certificate”
7. For the private key select some.nopass.key and for the Certificate select some .crt finally your HTTP server (Apache) should restart.
==========
Note: to restart the Apache server manually, from the CLI: /usr/syno/etc/rc.d/S97apache-user.sh restart
Ai picat cum nu se poate mai bine: tocmai am patit-o si eu.
Imi pare bine ca am putut sa te ajut.
De-aia suntem aici
Toate cele bune,
PBNET Team