Install Synology CA Certificate into Linux OS

Posted on by Bian Xi

Install Synology CA Certificate into Linux OS

To trust Synology self generated CA in Linux OS, following steps can be used.

Export Synology CA Certificates from NAS

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button
  • Select the certificate named as synology
  • Select Explore certificate, then Next

There will be 4 files in the downloaded ZIP file

cert.pem
privkey.pem
syno-ca-cert.pem
syno-ca-privkey.pem

Copy the Synology CA certificate

Copy file syno-ca-cert.pem to server folder and rename it to .crt

cp syno-ca-cert.pem /usr/local/share/ca-certificates/syno-ca-cert.crt
update-ca-certificates

Note: the certificate file name must be .crt

Restart service

For any services used certificate generated by Synology CA certificate, restart the service

systemctl restart <service>

Test CA

Use openssl command

Run following commands

openssl s_client -connect server_address:443 -CAfile /usr/local/share/ca-certificates/syno-ca-cert.crt
openssl s_client -connect server_address:443 -CApath /etc/ssl/certs

Should return 0 (ok)

Verify return code: 0 (ok)

Use curl command

curl --verbose <URL> --cacert /usr/local/share/ca-certificates/syno-ca-cert.crt
curl --verbose <URL>

References

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


The reCAPTCHA verification period has expired. Please reload the page.