Import root certificate in Synology

linux certificate synology trusted-root-certificates
6,141

Okay, thanks to Spiff I could solve the problem. Here is what I did:

  1. Copy the cert (with ending .crt) to /usr/share/ca-certificates/randomsubfolder/

  2. Import the cert in the list of all root-ca-certs:

    sudo sh -c 'cat /usr/share/ca-certificates/randomsubfolder/cert >> /etc/ssl/certs/ca-certificates.crt'

Note: This is not officially supported by synology. A future DSM Update could restore the list of root-ca-certs to default and then you'd have to import the cert again.

Share:
6,141

Related videos on Youtube

Christian
Author by

Christian

Not very much: I am studying computer science and working in a smaller IT Department in a company in Zurich, Switzerland. I like computers, electronics (frequent Hackaday-reader ;)) and my motorcycle. I think that's it =)

Updated on September 18, 2022

Comments

  • Christian
    Christian over 1 year

    I am looking for a way to import a root certificate in a synology server (the certificate comes from a ssl intercepting proxy).

    I have copied the certificate to

    /usr/share/ca-certificates/<somesubfolder>

    And changed the permissions to 744 and owner to root:root. Then I made a symlink to the cert in 

    /etc/ssl/certs

    This didn't change a thing, so I additionally modified the file

    /etc/ca-certificates.conf

    and added the line

    <somesubfolder>/<certfile.crt>

    Again, this didn't change the behaviour, still no connection possible to the outside world. Any ideas?

    • Spiff
      Spiff almost 8 years
      So, you're trying to make it so this Synology box can initiate outgoing connections through a proxy?
    • Christian
      Christian almost 8 years
      @Spiff yes this is the goal. For notifications and update checks and stuff like this.
    • Spiff
      Spiff almost 8 years
      Does your Synology box have an "update-ca-certficates" command? Or maybe an "update-ca-trust" command?
    • Christian
      Christian almost 8 years
      @Spiff Sorry I forgot to mention that I already tried that - no this command isn't available.
    • Spiff
      Spiff almost 8 years
      Does your Synology box have a ` /etc/ssl/certs/ca-certificates.crt` (single fail containing all the trusted root CA certs)? If so, have you edited it to include your new root CA cert that you want to trust? If you don't have an update-ca-certificates command to do this, you might have to do it by hand.
    • Christian
      Christian almost 8 years
      @Spiff Thank you, that was it. I'm adding an answer with the complete process so other can solve this "problem" quicker.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?
OpenSSL Error: Error loading extension section server
VeriSign Universal Root Certification Authority missing
Script to move files between folders on a Synology server
Can't verify an openssl certificate against a self signed openssl certificate?
Curl NSS error -12190 - Error in TLS handshake
Resolving the dreaded "an attempt was made to access a token that does not exist" in Win7 64-bit?
Synology SSH Root password does not work
The SSL CA cert (path? access rights) on Ubuntu 16?
SSL certificate: EE certificate key too weak