Enable SSL for Hashicorp Vault

Posted on 29/11/2021 by Bian Xi Leave a Comment

Enable SSL for Hashicorp Vault

Update configuration

vault.json

cat vault.json
{
  "backend": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": {
    "tcp":{
      "address": "0.0.0.0:8200",
      "tls_enable": 1,
      "tls_cert_file": "/vault/config/cert.pem",
      "tls_key_file": "/vault/config/privkey.pem"
    }
  },
  "ui": true
}

Copy certificate files

Copy into /vault/config folder

Restart vault container

Unseal

References

Hashicorp - SSL/TLS Question #212

Replace Certificate in Synology NAS

Posted on 23/09/202117/11/2021 by Bian Xi Leave a Comment

Replace Certificate in Synology NAS

Fill up info

Following steps can be used to replace certificate (not renew) in Synology NAS user interface.

Go to Control Panel -> Security -> Certificate
Select Add -> Add
Select Replace an existing certificate
Choose the certificate to be replaced
Select Get a certificate from Let's Encrypt
Fill up info, includes domain, email, alias (seperated by semi-colons)

Change port forwarding

Now, make sure Synology NAS can be accessed from internet via port forwarding at port 80 and 443 if required.

Suggest using A * record in DNS entry to avoid DNS change. Use NGINX to redirect traffic to this host.

Generate

Then generate certificate.

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Tag: https

Enable SSL for Hashicorp Vault

Update configuration

Copy certificate files

Restart vault container

Unseal

References

Replace Certificate in Synology NAS

Fill up info

Change port forwarding

Generate