Step 1 Create a self-signed SSL certificate in Windows
The first step is to create a simple text file in Notepad and name it cert.txt.
Once it is open, add the following lines:
[NewRequest]
; At least one value must be set in this section
Subject = "CN=server.mydomain.com"
KeyLength = 2048
Exportable=TRUE
KeyAlgorithm = RSA
MachineKeySet = true
RequestType = Cert
Note: You’ll need to replace server.mydomain.com with the Fully Qualified Domain Name (FQDN) record you wish to use for your SSL certificate. This can also be defined as an IP address if you only wish to use the service inside a private network.
The important setting is RequestType = Cert. This option indicates a self-signed or self-issued certificate. It does not generate a request, but rather creates a new certificate and then installs it. Self-signed is the default.
To actually create the certificate, run the following command in an elevated Windows command prompt:
%Windir%\System32\certreq.exe -new cert.txt
This will create the certificate, import it into the Windows certificate store, and prompt you to save a copy.
Step 2 Export the certificate as a pfx file
Once the certificate has been created, run the command:
certutil -store my
This lists all the certificates in your Personal store.
Find the serial number of the certificate you have just created and, using this serial number, run the command:
certutil -exportPFX -p "MyPassword" my 6988c33715ba4a854d8ad56d4943aee9 server.mydomain.com.pfx
(Where 'MyPassword' is a unique password you know and 6988c33715ba4a854d8ad56d4943aee9 is the serial number of your certificate.)
Step 3 Export the key file from the new certificate in the pfx file
Download and install OpenSSL from https://www.openssl.org/
Once you have installed OpenSSL, open a command prompt and run the command:
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
Then, to convert this key file to an unencrypted key file, run the command:
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
Step 4 Export the certificate
The final step is to export the certificate so you can upload it to the NAS, using the command:
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
You can now add this certificate file to the Synology NAS as needed.
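Before uploading, it is worth confirming that the key from Step 3 belongs to the certificate from Step 4, and limiting who can read the unencrypted key file. The PowerShell script below is an added example, not part of the original guide; the file names are placeholders (assumptions) and it assumes openssl is on the PATH.

```powershell
# Added example. File names are placeholders (assumptions); substitute your own.
$Crt = 'certificate.crt'          # output of Step 4
$Key = 'keyfile-decrypted.key'    # output of Step 3

function Get-PublicKeyHash {
    param([Parameter(Mandatory)][string[]]$OpenSslArgs)
    # Ask openssl for the public key in PEM form, then hash it for comparison.
    $pem = & openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    $bytes = [Text.Encoding]::ASCII.GetBytes(($pem -join "`n"))
    $sha = [Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# 1. The certificate and the private key must carry the same public key.
$certHash = Get-PublicKeyHash @('x509', '-in', $Crt, '-noout', '-pubkey')
$keyHash  = Get-PublicKeyHash @('pkey', '-in', $Key, '-pubout')
if ($certHash -ne $keyHash) {
    throw "Key and certificate do not match: $keyHash vs $certHash"
}
"Public key SHA-256 (cert and key agree): $certHash"

# 2. Show what will be uploaded: subject, validity end date and fingerprint.
& openssl x509 -in $Crt -noout -subject -enddate -fingerprint -sha256

# 3. The decrypted key has no passphrase, so limit it to the current user:
#    drop inherited ACEs and grant read access to this account only.
& icacls $Key /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:R" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Key" }
& icacls $Key
```

Once the NAS has accepted the certificate, the decrypted key file and the pfx are no longer needed on the workstation and can be deleted.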