How to install SSL/TLS on QNAP
First look for a certificate provider who can provide a free SSL/TLS for Server certificate. I have searched and compiled a list of free certificates who can provide a free certificate for QNAP.
I will show you how to get the certificate and install these on the QNAP from startssl.com, with this you can get unlimited free renewals.
Please check the list below:
List of free SSL/TLS certificates:
- https://startssl.com/
- https://buy.wosign.com/free ( some time you get untrusted seller ).
- https://letsencrypt.org/ ( Auto install with Plesk ).
- https://www.digitalberg.com/ssl-certificates/ssl-price/ (from top provider).
SSL/TLS
I’m going to start a sign up on StartSSL where you can decrypt the private key tool inside of the My Account link.
I have a QNAP PRO TS-269L, Firmware: 4.2.1
See the screenshot of where to apply for the certificates in the QNAP:
So we need a ‘certificate’, ‘Private key’ with encrypted and decrypted – both and ‘intermediate key’.
New Certificate keys must be installed on the QNAP on the first box, Decrypted private key for the second box in QNAP and intermediate certificate on third / last box in the QNAP, see the picture above.
QNAP security accepts a decrypted key instead of an encrypted private key so we have to use decrypt private key tool from StartSSL account or google it.
Let’s Start with Certificate
- Go to StartSSL.com
- Click on Sign-up
- Choose your country and personal / cooperate email.
- verify your code.
- Validate your Domain.
- Go to your account and click on certificate Wizard
- Select Web Server SSL/TLS Certificate
- Add your subdomain name for server. e.g. i have add ‘cloud’ before my domain.
- Next step is to create a CSR key for your cloud domain.
- For QNAP use Generate by PKI system with your password.
- Submit request, immediately you will get your Private Key and intermediate Key to download.
- Next step is to decrypt your encrypted Key certificate to decrypt for QNAP.
- Go back to your startSSL account then click on ‘ToolBox’.
- Look for decrypt Tool.
- Enter the Private Key into Enter Private Key and Password box and passphrase then click decrypt.
- Once you get your decrypted key please save this as decrypt private key.
- Now you should have intermediate key, decrypt key and Certificate ready in folder.
Now go to QNAP
- Login to your QNAP
- Go to Control panel > System settings > Security.
- Add your first ‘Certificate’ on first box
- Then Add your Decrypted Key on your QNAp second box. where mentioned: PrivateKey: please enter a certificate or private key in x.509PEM format below.
- last thing is to copy and paste this ‘intermediate key’ on the last / third box and then Apply. good to go!
- Go to your URL to check e.g. https://cloud.qureshi.me.
See all pictures to understand more in-depth.
- Sign up
2. Go to MyAccount and click on FREE Certificate
3. then Click on web server SSL/TLS
4. Add your Subdomain name and Create PKI Key with your password.
5. Once you download all certificates from Certificate List, go to Decrypt private ket tool. Copy and paste Private Key you just have download into the box below and pass.
6. Once you have decrypted private key, Copy and paste this into new text file and save it as Decrypt SSL key.
Go to QNAP:
- Copy and paste your Certificate on first box.
- Copy and paste your decrypt Private key into second box.
- Copy and paste intermediate key into QNAP third or last box then Apply wola!.
Hello, thanks for the detailed explanation on how to install free ssl certificates in our QNAP, but what domain should I use? I’m using a DDNS but I don’t have a different email registered to this domain, but in gmail only.
Any help you can provide me will be very welcome !!!
Thanks !!!!
Hi Carlos,
Can you please elaborate on DDNS? This SSL should work with any domain where you can managed DNS, subdomain etc.
Hola, el Dynamic Domain service I initiated from http://www.noip.com/ is a dynamic domain address that allow you to access your storage at home from the Internet.
Thanks!
Carlos Rivero
Generated by PKI is no longer possible. Please alternativ instructions? Thanks
Hi,
Sorry for late response. Alternate option is to download PKI software tool from startssl panel and use instead of PKI.
Regards
Great explanation, the only issue i have is that on Startssl.com where you select Generate by PKI system, this is not an available option but Generated by IE Browser to get .PFX format certificate is an option, can this be used instead?
See my response above.
You can use PKI software tool from StartSSL panel and generate key from the tool and use.
Dear Qureshi,
Thank for detailed explanation for QNAP, but problem now is StartSSL does not have an option for:
“Generate by PKI system” (Step no. 10 on “Let’s Start with Certificate”)
and not really familiar with SSH, etc
kind suggestion would greatly appreciated.
Thank You
Now you have two options:
1. Use StartComTool.exe from StartSSL admin panel
2. Go to SSL/TLS from cPanel to generate the key.
Both does the same job!
Regards
Can we use it with a domain at noip.com
You can use the OpenSSL tool (already installed on Qnap) to create the CSR and Private key.
To generate a pair of private key and public Certificate Signing Request (CSR) use the following command (SSH/putty to your Qnap):
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
I did it like that on my Qnap with StartSSL certificate, worked, plus no need to decrypt the private key.
Found here, its a link to the comodo website, but works with StartSSL as well:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/1027/0/csr-generation–qnap-nas