Create certificate in Synology NAS with self signed CA
If the CA certificate is managed by Synology NAS, following steps can be used to create a certificate under that CA.
Create certificate request
- Go to Control Panel -> Security -> Certificate
- Select CSR
- Select Create certificate signing request (CSR)
- Then fill up information required
- Select Download, the CSR will be downloaded into local machine
The downloaded file contains two files, server.key and server.csr.
Sign certificate
- Go to Control Panel -> Security -> Certificate
- Select CSR
- Select Sign certificate signing request (CSR) and select the root certificate to be used
- Use Browse button to select the CSR file in previous step
- Select Download, the CSR will be downloaded into local machine. The CSR file should be in archive folder, and named as server.csr
- In Subject Alternative Name, put both server full name and short name, or other names if the server is playing multiple roles.
- Click on Download, then a file named as server.crt is downloaded locally.
Import generated certificate
There are three files you have,
- The certificate file, name as server.crt
- The private file, name as server.key
-
The intermediate certificate file, such as syno-ca-cert.pem or other CA intermediate certificate
They also can be imported into synology certificate app for certificate management
- Go to Control Panel -> Security -> Certificate
- Select Add -> Add
- Select Add a new certificate
- Select Import certificate
- Click on Browse button for Private Key to select server.key file
- Click on Browse button for Certificate to select server.crt file
- Click on Browse button for Intermediate Certificate to select syno-ca-cert.pem file
- Click OK button