Import root certificate in Synology
Okay, thanks to Spiff I could solve the problem. Here is what I did:
Copy the cert (with ending .crt) to /usr/share/ca-certificates/randomsubfolder/
Import the cert in the list of all root-ca-certs:
sudo sh -c 'cat /usr/share/ca-certificates/randomsubfolder/cert >> /etc/ssl/certs/ca-certificates.crt'
Note: This is not officially supported by synology. A future DSM Update could restore the list of root-ca-certs to default and then you'd have to import the cert again.
Related videos on Youtube
Christian
Not very much: I am studying computer science and working in a smaller IT Department in a company in Zurich, Switzerland. I like computers, electronics (frequent Hackaday-reader ;)) and my motorcycle. I think that's it =)
Updated on September 18, 2022Comments
-
Christian over 1 year
I am looking for a way to import a root certificate in a synology server (the certificate comes from a ssl intercepting proxy).
I have copied the certificate to
/usr/share/ca-certificates/<somesubfolder>
And changed the permissions to 744 and owner to root:root. Then I made a symlink to the cert in
/etc/ssl/certs
This didn't change a thing, so I additionally modified the file
/etc/ca-certificates.conf
and added the line
<somesubfolder>/<certfile.crt>
Again, this didn't change the behaviour, still no connection possible to the outside world. Any ideas?
-
Spiff almost 8 yearsSo, you're trying to make it so this Synology box can initiate outgoing connections through a proxy?
-
Christian almost 8 years@Spiff yes this is the goal. For notifications and update checks and stuff like this.
-
Spiff almost 8 yearsDoes your Synology box have an "update-ca-certficates" command? Or maybe an "update-ca-trust" command?
-
Christian almost 8 years@Spiff Sorry I forgot to mention that I already tried that - no this command isn't available.
-
Spiff almost 8 yearsDoes your Synology box have a ` /etc/ssl/certs/ca-certificates.crt` (single fail containing all the trusted root CA certs)? If so, have you edited it to include your new root CA cert that you want to trust? If you don't have an
update-ca-certificates
command to do this, you might have to do it by hand. -
Christian almost 8 years@Spiff Thank you, that was it. I'm adding an answer with the complete process so other can solve this "problem" quicker.
-