Use OpenSSL to generate certificate for QNAP NAS SSL connection
From QNAPedia
Use OpenSSL to generate certificate for QNAP NAS SSL connection
Prework:
1.
Download OpenSSL installer from the following link:
http://www.slproweb.com/products/Win32OpenSSL.html
Note: If you have problem on running OpenSSL, you may also need to download and install the Visual C++ 2008 installer.
2.
Unzip to a folder you'd like and open the Windows Command Prompt window (Start -> All Programs -> Accessories -> Command Prompt) and move to the \bin folder inside.
(e.g. If you extracted it to C:\openssl; cd \openssl\bin )
Procedures:
1. Input the following command:
openssl genrsa -out priv.key 1024
1024 is the length, you may change it to the value you like.
2. Input the following command:
openssl req -new -key priv.key -out server.crt -x509 -days 365
This generate a public key(cert) according to the private key generated above; expiration date 365; X509 format
3. There should be a priv.key and a server.crt file under the directory
4. Drag the priv.key file into a browser. Copy and paste the content shown into the private key part of the NAS administration page.
5. Drag the server.crt file into a browser. Copy and paste the content shown into the certificate part of the NAS administration page.
6. Click Upload (Even if you enter the wrong format, the upload would succeed. That's where most people went astray)
7. Click "Download Certificate"
8. Unzip the certificate, it's 2 layer zipped file. You shall see a file "backup.cert"
9. Change the sub name to .crt
10. Import to your browser and then you may access the NAS via SSL.
==============================================================================
Update by Oliver Hilton:2011/10/18
Preparation:
1. Download OpenSSL installer from the following link: http://www.slproweb.com/download/Win32OpenSSL_Light-1_0_0e.exe
If you have problem on running OpenSSL, you may also need to download and install the Visual C++ 2008 installer: http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
(There are also 64 bit versions of the above)
2. Open the command prompt and open bin folder of installation path. In this instance default is: CD C:\OpenSSL-Win32\bin
Procedure:
1. Input the following command: openssl genrsa -out priv.key 1024 (1024 is the length, you may change it to the value you like).
2. At this point you might get a warning message: “can’t open config file: /usr/local/openssl.cnf”. In this instance you need to set the path to the .cfg file supplied with installation. Input the following command: Set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg. If you get no messages then command succeeded.
3. Input the following command: openssl req -new -key priv.key -out server.crt -x509 -days 365. This generates a public key(cert) according to the private key generated above with expiration date 365 days, in X509 format. This command should have created 2 files in the C:\OpenSSL-Win32\bin directory, priv.key and server.crt.
4. Login to QNAP server and go to Home>>System Administration>>Security page, then click on “Import SSL Secure Certificate” tab.
5. Open priv.key in notepad, then copy and paste contents into the Private Key part of the NAS administration page.
6. Open server.crt in notepad, then copy and paste contents into the Certificate part of the NAS administration page.
7. Click UPLOAD and contents will copied to qnap.
8. When you next visit the page you will see some buttons have appeared Download certificate, Download private key and Restore default certificate.
9. Click Download certificate. This will download backup.cert.tgz.
10. Unzip the file. It is a 2 layer zipped file. You shall see a file called backup.crt.
11. Right-click on it and select “Install Certificate” in contextual menu. This will start the Certificate Import Wizard. Just use default options all the way.
12. Import to your browser and log in using SSL. Even though you might still get the “There is a problem with…” message the page is using your new certificate.
