Use Synology DSM to create Self Signed Certificate with custom CA

To create custom CA and use it to create server certificate, Synology NAS can be used and manage them.

Create certificate with CA

• Launch Control Panel => Security
• Click on Certificate tab
• Click on Add button and select Add menu item
• Select Add a new certificate or Replace an existing certificate, then Next
• Select Create self-signed certificate, then Next
• Fill up information for Create root certificate for CA certificate, then Next
• Fill up information for Create certificate for server certificate, then Apply

Following 4 certificates are created and can be exported

• cert.pem - Server certificate
• privkey.pem - Server Key
• syno-ca-cert.pem - CA certificate
• syno-ca-privkey.pem - CA Key

Create server certificate using CA above

• Launch Control Panel => Security
• Click on Certificate tab
• Click on CSR button
• Select Create Certificate Singing Request, then Next
• Fill up information for Create certificate signed request (CSR), then Next
• Click on Download

Following files are created in downloaded ZIP file

• server.csr
• server.key

Signing server certificate

• Launch Control Panel => Security
• Click on Certificate tab
• Click on CSR button
• Select Sign Certificate Singing Request, then Next
• Select root certificate just created, then Next
• Select server.csr file using Browse button next to the Certificate Request textbox
• Fill up Subject Alternative Name, then Next
• Click on Download

Following files are created in downloaded ZIP file

• server.crt

Import server certificate

• Launch Control Panel => Security
• Click on Certificate tab
• Click on Add button and select Add menu item
• Select Add a new certificate or Replace an existing certificate, then Next
• Fill up Description, select Import certificate, then Next
• Select private key file and certificate file, then OK

References

self-signed-certificate-with-custom-ca.md