SSL/TLS Certificate using Start.com and QNAP – Updated


Since the last time I created an SSL key for my QNAP Start.com changed their website, its actually a little easier to navigate. Here is a quick tutorial…

First you need to create a CSR (Certificate Signing Request). Start offers a utility for generating one on their site, I used it. Fill in your Domain Name, National Name, Private Key Name, Password is optional, then hit the Generate CSR button

SNAG-0067
wait for it to generate the key

SNAG-0068

Go to the Validations Wizard and here it will validate your domain, this must match the CSR domain from above

SNAG-0072

Hit the Validation button, a validation code will be sent to the email on file, in this case Dimitris@neon.net.

SNAG-0073

Then go to the Certificates Wizard and select Web Server SSL/TLS Ceertificate and click Continue.

SNAG-0074

Enter your domain into the top box (the red one here) and click outside the box, it should have a green check mark if its good to go, if not, do not go further until you figure out what is wrong. in this case its because I don’t own the domain but you get the idea. SNAG-0078

SNAG-0075

Enter your CSR from above and make sure to click on the “Geneated by PKI system”, enter a password for your private key.

SNAG-0077

You will get a popup window for downloading your “Private Key”, download and save.

SNAG-0079

Then hit the “submit” button.

SNAG-0080

Confirm you downloaded the key. This is your PRivate Key in an encrypted state.

SNAG-0081

For the QNAP this Private Key must be decrypted.

Decrypt it using the website and save it.

SNAG-0070

The remaining keys are then created for you to download.

SNAG-0082

The file contents of the zipped file are as follows.


SNAG-0083

For the QNAP we need the “OtherServer” file contents.

SNAG-0084

SNAG-0086
After entering the Key’s as labeled above, then hit the “Apply” button.. wait a couple of minutes and all should be good.

In the event that you get the keys wrong and get locked out of the QNAP, SSH into the QNAP and copy the default.pem file after stopping the tunnel, then restarting it. This should allow you to log back in and fix the problem.

[/] # /etc/init.d/stunnel.sh stop

[/] # cp /etc/default_config/stunnel/stunnel.pem /etc/stunnel/stunnel.pem

[/] # /etc/init.d/stunnel.sh start

 

 

Leave a comment

Your email address will not be published. Required fields are marked *