Use OpenSSL to generate certificate for QNAP NAS SSL connection

From QNAPedia

Update by mjw:2012/9/16   

Preparation:

1. Download OpenSSL installer from the following link: http://slproweb.com/download/Win32OpenSSL_Light-1_0_1e.exe
If you have problems running OpenSSL, you may also need to download and install the Visual C++ 2008 installer: http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF

(There are also 64 bit versions of the above - http://www.microsoft.com/en-us/download/details.aspx?id=15336)

2. Open the command prompt (you must Run As Administrator, otherwise you get the error "unable to write 'random state'") and change to the bin folder of the installation path. With the default installation path: CD C:\OpenSSL-Win32\bin

3. Ensure that HTTPS (port 443) is forwarded on your router to your QNAP.


Procedure:

1. Input the following command: openssl genrsa -out priv.key 1024 (1024 is the key length in bits; you may change it to the value you like).

2. At this point you might get a warning message: “can’t open config file: /usr/local/openssl.cnf”. In this case you need to set the path to the .cfg file supplied with the installation. Input the following command: Set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg. If you get no message, the command succeeded.

3. Input the following command: openssl req -new -key priv.key -out server.crt -x509 -days 365. This generates a self-signed certificate in X509 format, containing the public key that corresponds to the private key generated above, with an expiration date 365 days from now.

You will be asked to enter the following information:

  1. Country Name (2 letter code) [AU]:
  2. State or Province Name (full name) [Some-State]:
  3. Locality Name (eg, city) []:
  4. Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  5. Organizational Unit Name (eg, section) []:
  6. Common Name (e.g. server FQDN or YOUR name) []:xyz.MyCloudNas.com
  7. Email Address []:

The critical thing is to ensure that you enter the public DNS name for your QNAP as the Common Name. The easiest way to set up a DNS name is to set up the MyCloudNAS for your QNAP. Replace xyz with whatever name you registered when you set up MyCloudNAS.

After completing this step, the command should have created 2 files in the C:\OpenSSL-Win32\bin directory, priv.key and server.crt.

4. Log in to the QNAP server and go to the Home>>System Administration>>Security page, then click on the “SSL Secure Certificate & Private Key” tab.

5. Open priv.key in Notepad, then copy and paste its contents into the Private Key part of the NAS administration page.

6. Open server.crt in Notepad, then copy and paste its contents into the Certificate part of the NAS administration page.

7. Click UPLOAD and the contents will be copied to the QNAP.

8. When you next visit the page you should now see the message:

Status: Uploaded secure certificate being used

9. In Windows Explorer, right click on the file C:\OpenSSL-Win32\bin\server.crt and select "Install Certificate". This will start the Certificate Import Wizard. Just use the default options all the way through.

10. Enter the address of your QNAP in your web browser.

https://xyz.MyCloudNas.com

Even though you might still get the “There is a problem with…” message, the page is using your new certificate.
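
Steps 1 to 3 of the procedure as one non-interactive Command Prompt script, followed by two checks worth making before anything is pasted into the NAS page: that server.crt really belongs to priv.key, and that its subject carries the NAS name. This is an added example, not part of the original QNAPedia page; the install path and the name xyz.MyCloudNas.com are taken from the page, while the 2048-bit key and -sha256 are assumptions chosen here because 1024-bit RSA keys are no longer considered adequate.

```batch
@echo off
rem Added example: steps 1-3 without prompts, then checks before upload.
rem Assumptions: default install path, example name xyz.MyCloudNas.com,
rem a 2048-bit key and SHA-256 signature instead of the page's 1024/default.
setlocal
cd /d C:\OpenSSL-Win32\bin || goto :fail
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
set NAS_NAME=xyz.MyCloudNas.com

rem Step 1: private key.
openssl genrsa -out priv.key 2048 || goto :fail

rem Step 3: self-signed certificate; -subj supplies the Common Name
rem so none of the seven prompts appear.
openssl req -new -x509 -sha256 -key priv.key -out server.crt -days 365 -subj "/CN=%NAS_NAME%" || goto :fail

rem Check 1: the certificate must carry the public half of priv.key.
set KEY_MOD=
set CRT_MOD=
for /f "delims=" %%m in ('openssl rsa -noout -modulus -in priv.key') do set KEY_MOD=%%m
for /f "delims=" %%m in ('openssl x509 -noout -modulus -in server.crt') do set CRT_MOD=%%m
if not defined KEY_MOD goto :fail
if not "%KEY_MOD%"=="%CRT_MOD%" (
    echo priv.key and server.crt do not belong together
    goto :fail
)

rem Check 2: the subject must contain the name typed into the browser.
openssl x509 -noout -subject -in server.crt | findstr /i /c:"%NAS_NAME%" >nul || (
    echo Common Name does not match %NAS_NAME%
    goto :fail
)

rem Show subject and validity dates for a final visual check.
openssl x509 -noout -subject -dates -in server.crt
echo OK: priv.key and server.crt are ready to paste into the NAS page
exit /b 0

:fail
echo FAILED: do not upload these files
exit /b 1
```

Save the script as a .bat file and run it from an Administrator command prompt. priv.key is the NAS's private key, so after uploading keep it somewhere access-controlled rather than leaving it in the bin folder.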

Troubleshooting:

http://www.sslshopper.com/ssl-checker.html#hostname=xyz.MyCloudNas.com