BackupAssist Rsync – Creating a Self-Signed SSL certificate for your Synology NAS

Step 1 Create a self-signed SSL certificate in Windows

The first step is to create a simple text file in Notepad and name it cert.txt.

Once it is open, add the following lines:

[NewRequest]
; At least one value must be set in this section
Subject = "CN=server.mydomain.com"
KeyLength = 2048
Exportable = TRUE
KeyAlgorithm = RSA
MachineKeySet = true
RequestType = Cert

Note: You’ll need to replace server.mydomain.com with the Fully Qualified Domain Name (FQDN) record you wish to use for your SSL certificate. This can also be defined as an IP address if you only wish to use the service inside a private network.

The important setting is RequestType = Cert. This option indicates a self-signed or self-issued certificate. It does not generate a request; instead it creates a new certificate and then installs it. Self-signed is the default.

To actually create the certificate, run the following command in an elevated Windows command prompt:

%Windir%\System32\certreq.exe -new cert.txt

This creates the certificate, imports it into the Windows certificate store, and prompts you to save a copy.

Step 2 Export the certificate as a pfx file

Once the certificate has been created, run the command:

certutil -store my

This lists all the certificates in your Personal store.

Find the serial number of the certificate you have just created and, using this serial number, run the command:

certutil -exportPFX -p "MyPassword" my 6988c33715ba4a854d8ad56d4943aee9 server.mydomain.com.pfx

(Where 'MyPassword' is a unique password you know and 6988c33715ba4a854d8ad56d4943aee9 is the serial number of your certificate.)

Step 3 Export key file from this new certificate in the pfx file

Download and install OpenSSL from https://www.openssl.org/

Once you have installed OpenSSL, open a command prompt and run the command:

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

Then, to convert this key file to an unencrypted key file, run the command:

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

Step 4 Export the certificate

The final step is to export the certificate so you can upload it to the NAS, using the command:

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

You can now add this certificate file to the Synology NAS as needed.
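
Before uploading, it is worth confirming that the files from Steps 3 and 4 belong together. The following PowerShell check is an added example, not part of the original article: the function name Test-NasCertPair and its parameter names are hypothetical, and it assumes openssl is on the PATH and that the files carry the placeholder names used above.

```powershell
# Added example: confirm the key and certificate from Steps 3 and 4 match.
# Test-NasCertPair and its parameter names are hypothetical; openssl must be on PATH.
function Test-NasCertPair {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,    # e.g. keyfile-decrypted.key
        [Parameter(Mandatory)] [string] $CertPath,   # e.g. certificate.crt
        [Parameter(Mandatory)] [string] $ExpectedCN  # e.g. server.mydomain.com
    )

    # An encrypted PEM key carries "ENCRYPTED" in its header lines.
    if (Select-String -Path $KeyPath -Pattern 'ENCRYPTED' -SimpleMatch -Quiet) {
        Write-Warning "$KeyPath is still passphrase-protected; run the 'openssl rsa' step."
        return $false
    }

    # Derive the public key from each file; the two must be identical.
    $keyPub = (& openssl pkey -in $KeyPath -pubout) -join "`n"
    if ($LASTEXITCODE -ne 0) { Write-Warning "Cannot read key $KeyPath"; return $false }
    $certPub = (& openssl x509 -in $CertPath -noout -pubkey) -join "`n"
    if ($LASTEXITCODE -ne 0) { Write-Warning "Cannot read certificate $CertPath"; return $false }
    if ($keyPub -ne $certPub) {
        Write-Warning 'Private key does not match the certificate.'
        return $false
    }

    # The subject must carry the CN that was set in cert.txt.
    $subject = (& openssl x509 -in $CertPath -noout -subject -nameopt RFC2253) -join ''
    if ($subject -notmatch "CN=$([regex]::Escape($ExpectedCN))(,|$)") {
        Write-Warning "Unexpected subject: $subject"
        return $false
    }

    # -checkend 0 exits non-zero if the certificate has already expired.
    & openssl x509 -in $CertPath -noout -checkend 0 | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning 'Certificate has expired.'; return $false }

    return $true
}

Test-NasCertPair -KeyPath .\keyfile-decrypted.key -CertPath .\certificate.crt -ExpectedCN server.mydomain.com
```

The decrypted key file and the .pfx both contain the private key, so restrict access to them and remove the working copies once the NAS has the certificate.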