Month: July 2022

Use Synology DSM to create Self Signed Certificate with custom CA

A Synology NAS can be used to create a custom CA, to create server certificates signed by that CA, and to manage them.

Create certificate with CA

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button and select Add menu item
  • Select Add a new certificate or Replace an existing certificate, then Next
  • Select Create self-signed certificate, then Next
  • Fill in the information under Create root certificate for the CA certificate, then Next
  • Fill in the information under Create certificate for the server certificate, then Apply

The following 4 files are created and can be exported

  • cert.pem - Server certificate
  • privkey.pem - Server Key
  • syno-ca-cert.pem - CA certificate
  • syno-ca-privkey.pem - CA Key

Create server certificate using CA above

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on CSR button
  • Select Create Certificate Signing Request, then Next
  • Fill in the information for Create certificate signing request (CSR), then Next
  • Click on Download

The following files are created in the downloaded ZIP file

  • server.csr
  • server.key

Signing server certificate

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on CSR button
  • Select Sign Certificate Signing Request, then Next
  • Select root certificate just created, then Next
  • Select server.csr file using Browse button next to the Certificate Request textbox
  • Fill in Subject Alternative Name, then Next
  • Click on Download

The following files are created in the downloaded ZIP file

  • server.crt

Import server certificate

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button and select Add menu item
  • Select Add a new certificate or Replace an existing certificate, then Next
  • Fill in Description, select Import certificate, then Next
  • Select private key file and certificate file, then OK
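Before importing, the signed certificate can be checked with OpenSSL on any workstation: does server.crt chain to the CA, does server.key belong to it, and does it carry the expected Subject Alternative Name. This is an added example, not part of the original post; the function names, the host name nas.example.test and the generated demo files are assumptions standing in for the files DSM exports.

```shell
#!/bin/sh
# Added example: checks to run on the signed certificate before importing it.
# File names follow the page; function names and demo data are assumptions.

# 0 if SERVER_CERT chains to CA_CERT.
chains_to_ca() {            # usage: chains_to_ca CA_CERT SERVER_CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if the private key belongs to the certificate (same public key).
key_matches_cert() {        # usage: key_matches_cert SERVER_CERT SERVER_KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if HOSTNAME appears as a DNS entry in the Subject Alternative Name.
has_dns_san() {             # usage: has_dns_san SERVER_CERT HOSTNAME
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# Constructed stand-ins for the files DSM exports, so the checks run offline.
make_demo_pki() {           # usage: make_demo_pki DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$1/syno-ca-privkey.pem" -out "$1/syno-ca-cert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=nas.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:nas.example.test\n' > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -days 30 -extfile "$1/san.ext" \
        -CA "$1/syno-ca-cert.pem" -CAkey "$1/syno-ca-privkey.pem" \
        -CAcreateserial -out "$1/server.crt" 2>/dev/null
    openssl genrsa -out "$1/unrelated.key" 2048 2>/dev/null   # wrong key on purpose
}

demo=$(mktemp -d)
make_demo_pki "$demo"
chains_to_ca "$demo/syno-ca-cert.pem" "$demo/server.crt" && echo "chain: ok"
key_matches_cert "$demo/server.crt" "$demo/server.key" && echo "key: matches"
key_matches_cert "$demo/server.crt" "$demo/unrelated.key" || echo "unrelated key: rejected"
has_dns_san "$demo/server.crt" nas.example.test && echo "SAN: present"
```

With the real files, point the three check functions at the exported syno-ca-cert.pem and the downloaded server.crt and server.key instead of the demo directory.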

References

self-signed-certificate-with-custom-ca.md

Import existing zpool as Proxmox storage

Steps

Import zpool

zpool import <existing_pool_name> <new_pool_name>

Create storage

Create storage via GUI

To create the storage in Proxmox Datacenter, you have to be connected to the node where the zpool was created.

References

ZFS Pool Import - Proxmox single host reinstall without full backup
zpool not shown when add storage

Disable Windows `thumbs.db` file creation

Steps

  • Run gpedit.msc
  • Navigate to User Configuration -> Administrative Templates -> Windows Components -> File Explorer
  • Double-click on the Turn off the caching of thumbnails in hidden thumbs.db files setting
  • Select the Enabled option.
  • Click the OK button.

References

How to disable Windows Thumbs.db files from being created

Change configuration of `systemd-resolved`

If /etc/resolv.conf contains a nameserver entry like the one below,

...
nameserver 127.0.0.53
...

then the DNS configuration is most likely controlled by the systemd-resolved service.

To confirm, run the following command

lsof -i :53

or

ls -ld /etc/resolv.conf

Change configuration

Change /etc/resolv.conf

If you change /etc/resolv.conf directly, the file will be overwritten by systemd-resolved at the next reboot, because /etc/resolv.conf is a symbolic link, as shown below.

lrwxrwxrwx 1 root root 39 Oct  5  2021 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

If you recreate the file /etc/resolv.conf, it could still be overwritten by systemd-resolved when the service is reconfigured.

Change /etc/systemd/resolved.conf

The configuration of systemd-resolved is in /etc/systemd/resolved.conf; it can be changed as below.

[Resolve]
DNS=<DNS_Server>
Domains=<Domain_name>
....
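The detection step and the resolved.conf change described above can be scripted. This is an added example, not part of the original post; the function names, the sample directory tree and the 192.0.2.x addresses are constructed, and the edit assumes the file already has a [Resolve] header.

```shell
#!/bin/sh
# Added example; function names and the sample files are assumptions.

# Print how a resolv.conf is managed: "stub" (systemd-resolved stub listener),
# "uplink" (systemd-resolved's list of upstream servers) or "static".
resolv_conf_mode() {        # usage: resolv_conf_mode PATH
    target=$(readlink "$1" 2>/dev/null) || target=""
    case $target in
        */systemd/resolve/stub-resolv.conf) echo stub; return 0 ;;
        */systemd/resolve/resolv.conf)      echo uplink; return 0 ;;
    esac
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53[[:space:]]*$' "$1" 2>/dev/null
    then echo stub
    else echo static
    fi
}

# Set KEY=VALUE under [Resolve] in a resolved.conf-style file. An existing
# active KEY= line is dropped first, so the key is never defined twice.
set_resolve_option() {      # usage: set_resolve_option FILE KEY VALUE
    awk -v k="$2" -v v="$3" '
        index($0, k "=") == 1 { next }          # drop the old active setting
        { print }
        $0 == "[Resolve]" { print k "=" v }     # write the new one under the header
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample tree that mirrors the layout shown on the page.
demo=$(mktemp -d)
mkdir -p "$demo/run/systemd/resolve" "$demo/etc/systemd"
printf 'nameserver 127.0.0.53\n' > "$demo/run/systemd/resolve/stub-resolv.conf"
ln -s ../run/systemd/resolve/stub-resolv.conf "$demo/etc/resolv.conf"
printf 'nameserver 192.0.2.53\n' > "$demo/static-resolv.conf"
printf '[Resolve]\n#DNS=\nDNS=192.0.2.1\n#Domains=\n' > "$demo/etc/systemd/resolved.conf"

resolv_conf_mode "$demo/etc/resolv.conf"        # symlink to the stub file
resolv_conf_mode "$demo/static-resolv.conf"     # regular file, real server
set_resolve_option "$demo/etc/systemd/resolved.conf" DNS 192.0.2.53
set_resolve_option "$demo/etc/systemd/resolved.conf" Domains example.test
cat "$demo/etc/systemd/resolved.conf"
```

On a real host the edit needs root, and systemd-resolved must be restarted (`systemctl restart systemd-resolved`) before the new settings take effect.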

References

Changing DNS with systemd-resolved

Error Starting Proxmox VM: `pve-ssl.pem` is empty

The following error occurred when starting a Proxmox VM with the Spice driver.

kvm: warning: Spice: reds.c:2893:reds_init_ssl: Could not load certificates from /etc/pve/local/pve-ssl.pem
kvm: warning: Spice: error:0909006C:PEM routines:get_name:no start line
kvm: warning: Spice: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
kvm: failed to initialize spice server
TASK ERROR: start failed: QEMU exited with code 1

pve-ssl.pem size

The file size of /etc/pve/local/pve-ssl.pem is 0.

Fix

Standalone server

Regenerate the following files using the method described in https://pve.proxmox.com/wiki/Proxmox_SSL_Error_Fixing

/etc/pve/pve-root-ca.pem
/etc/pve/local/pve-ssl.key
/etc/pve/local/pve-ssl.pem

Cluster node

Copy the following files from another Proxmox node; normally the /etc/pve/pve-root-ca.pem files are the same.

/etc/pve/nodes/<node_name>/pve-ssl.key
/etc/pve/nodes/<node_name>/pve-ssl.pem

Note: These certificates can be used for all nodes.
Note: /etc/pve/local is a link to nodes/<node_name>
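The "no start line" error means the file has no PEM header, which an empty pve-ssl.pem trivially satisfies. The check below finds nodes in that state and can be rerun to confirm the fix; it is an added example, not part of the original post, and the function names and the constructed nodes directory (standing in for /etc/pve/nodes) are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sample directory are assumptions.

# Classify a certificate file: missing | empty | no-start-line | unparsable | ok
pem_cert_state() {          # usage: pem_cert_state FILE
    [ -e "$1" ] || { echo missing; return 0; }
    [ -s "$1" ] || { echo empty; return 0; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || { echo no-start-line; return 0; }
    openssl x509 -in "$1" -noout 2>/dev/null || { echo unparsable; return 0; }
    echo ok
}

# Print "node:state" for every node whose pve-ssl.pem is not usable.
broken_nodes() {            # usage: broken_nodes NODES_DIR  (e.g. /etc/pve/nodes)
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        state=$(pem_cert_state "${dir}pve-ssl.pem")
        [ "$state" = ok ] || echo "$(basename "$dir"):$state"
    done
}

# Constructed sample: pve1 has a valid certificate, pve2 an empty file,
# pve3 a file without a PEM header.
demo=$(mktemp -d)
mkdir -p "$demo/nodes/pve1" "$demo/nodes/pve2" "$demo/nodes/pve3"
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=pve1.example.test" \
    -keyout "$demo/nodes/pve1/pve-ssl.key" -out "$demo/nodes/pve1/pve-ssl.pem" 2>/dev/null
: > "$demo/nodes/pve2/pve-ssl.pem"
printf 'not a certificate\n' > "$demo/nodes/pve3/pve-ssl.pem"

broken_nodes "$demo/nodes"
```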

References

Proxmox SSL Error Fixing