How to install SSL/TLS on QNAP

First look for a certificate provider who can provide a free SSL/TLS for Server certificate. I have searched and compiled a list of free certificates who can provide a free certificate for QNAP.

I will show you how to get the certificate and install these on the QNAP from startssl.com, with this you can get unlimited free renewals.

Please check the list below:

List of free SSL/TLS certificates:

  1. https://startssl.com/
  2. https://buy.wosign.com/free ( some time you get untrusted seller ).
  3. https://letsencrypt.org/ ( Auto install with Plesk ).
  4. https://www.digitalberg.com/ssl-certificates/ssl-price/ (from top provider).

SSL/TLS

I’m going to start a sign up on StartSSL where you can decrypt the private key tool inside of the My Account link.

I have a QNAP PRO TS-269L, Firmware: 4.2.1

See the screenshot of where to apply for the certificates in the QNAP:

View post on imgur.com

So we need a ‘certificate’, ‘Private key’ with encrypted and decrypted – both and ‘intermediate key’.

New Certificate keys must be installed on the QNAP on the first box, Decrypted private key for the second box in QNAP and intermediate certificate on third / last box in the QNAP, see the picture above.

QNAP security accepts a decrypted key instead of an encrypted private key so we have to use decrypt private key tool from StartSSL account or google it.

Let’s Start with Certificate

  1. Go to StartSSL.com
  2. Click on Sign-up
  3. Choose your country and personal / cooperate email.
  4. verify your code.
  5. Validate your Domain.
  6. Go to your account and click on certificate Wizard
  7. Select Web Server SSL/TLS Certificate
  8. Add your subdomain name for server. e.g. i have add ‘cloud’ before my domain.
  9. Next step is to create a CSR key for your cloud domain.
  10. For QNAP use Generate by PKI system with your password.
  11. Submit request, immediately you will get your Private Key and intermediate Key to download.
  12. Next step is to decrypt your encrypted Key certificate to decrypt for QNAP.
  13. Go back to your startSSL account then click on ‘ToolBox’.
  14. Look for decrypt Tool.
  15. Enter the Private Key into Enter Private Key and Password box and passphrase then click decrypt.
  16. Once you get your decrypted key please save this as decrypt private key.
  17.  Now you should have intermediate key, decrypt key and Certificate ready in folder.

Now go to QNAP

  1. Login to your QNAP
  2. Go to Control panel > System settings > Security.
  3. Add your first ‘Certificate’ on first box
  4. Then Add your Decrypted Key on your QNAp second box. where mentioned: PrivateKey: please enter a certificate or private key in x.509PEM format below.
  5. last thing is to copy and paste this ‘intermediate key’ on the last / third box and then Apply. good to go!
  6. Go to your URL to check e.g. https://cloud.qureshi.me.

See all pictures to understand more in-depth.

  1. Sign up

2. Go to MyAccount and click on FREE Certificate

3. then Click on web server SSL/TLS

4. Add your Subdomain name and Create PKI Key with your password.

5. Once you download all certificates from Certificate List, go to Decrypt private ket tool. Copy and paste Private Key you just have download into the box below and pass.

Decrypt tool

6. Once you have decrypted private key, Copy and paste this into new text file and save it as Decrypt SSL key.

Go to QNAP:

  1. Copy and paste your Certificate on first box.
  2. Copy and paste your decrypt Private key into second box.
  3. Copy and paste intermediate key into QNAP third or last box then Apply wola!.

 

11 replies
  1. Carlos
    Carlos says:

    Hello, thanks for the detailed explanation on how to install free ssl certificates in our QNAP, but what domain should I use? I’m using a DDNS but I don’t have a different email registered to this domain, but in gmail only.

    Any help you can provide me will be very welcome !!!

    Thanks !!!!

    Reply
  2. Neil
    Neil says:

    Great explanation, the only issue i have is that on Startssl.com where you select Generate by PKI system, this is not an available option but Generated by IE Browser to get .PFX format certificate is an option, can this be used instead?

    Reply
  3. ian
    ian says:

    Dear Qureshi,

    Thank for detailed explanation for QNAP, but problem now is StartSSL does not have an option for:
    “Generate by PKI system” (Step no. 10 on “Let’s Start with Certificate”)

    and not really familiar with SSH, etc
    kind suggestion would greatly appreciated.

    Thank You

    Reply
    • 123admin
      123admin says:

      Now you have two options:

      1. Use StartComTool.exe from StartSSL admin panel
      2. Go to SSL/TLS from cPanel to generate the key.

      Both does the same job!

      Regards

      Reply
  4. Billyboy
    Billyboy says:

    You can use the OpenSSL tool (already installed on Qnap) to create the CSR and Private key.

    To generate a pair of private key and public Certificate Signing Request (CSR) use the following command (SSH/putty to your Qnap):

    openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

    I did it like that on my Qnap with StartSSL certificate, worked, plus no need to decrypt the private key.

    Found here, its a link to the comodo website, but works with StartSSL as well:
    https://support.comodo.com/index.php?/Knowledgebase/Article/View/1027/0/csr-generation–qnap-nas

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *