Secure Your QNAP: Step-by-Step SSL/TLS Installation Guide

Begin by selecting an SSL/TLS certificate authority that offers free server certificates. To save you time, I’ve put together a list below of trusted providers that supply complimentary certificates suitable for QNAP systems.

This guide walks you through the process of obtaining an SSL/TLS certificate—using startssl.com as an example—and installing it on your QNAP NAS. These providers typically allow unlimited free renewals.

Explore the recommended free SSL/TLS certificate issuers here:

Free SSL/TLS Certificate Providers:

  1. https://startssl.com/
  2. https://buy.wosign.com/free (Note: This provider may sometimes be flagged as untrusted).
  3. https://letsencrypt.org/ (Supports automatic installation via Plesk).
  4. https://www.digitalberg.com/ssl-certificates/ssl-price/ (International provider).

Understanding SSL/TLS on QNAP

This tutorial is based on a QNAP PRO TS-269L running firmware version 4.2.1. When configuring SSL on QNAP, you’ll need three main components: the certificate, the decrypted private key, and the intermediate certificate.

For reference, here’s an example screenshot showing where to input these details on your QNAP:

Simply put:

  • Upload the Certificate in the first field,
  • Paste the Decrypted Private Key into the second field,
  • Enter the Intermediate Certificate in the third field.

QNAP requires a decrypted private key rather than an encrypted one. You can utilise the decryption utility provided by your certificate provider (like StartSSL) or search online for other tools that decrypt SSL private keys.

How to Request and Install an SSL/TLS Certificate on QNAP

  1. Open the StartSSL website.
  2. Click ‘Sign-up’.
  3. Enter your country and your personal or business email address.
  4. Verify the confirmation code sent to your email.
  5. Validate ownership of your domain.
  6. Log in and go to the certificate wizard.
  7. Choose the Web Server SSL/TLS option.
  8. Enter your subdomain (e.g., use ‘cloud’ if you want cloud.yourdomain.com).
  9. Create a Certificate Signing Request (CSR) for your chosen subdomain.
  10. For QNAP, select ‘Generate by PKI system’ and set a strong password.
  11. Submit your request and download the Private Key and the Intermediate Certificate.
  12. Decrypt your Private Key—required for QNAP—using the tool in your StartSSL account.
  13. Return to your account and access the ‘Toolbox.’
  14. Find the Decrypt tool.
  15. Paste your Private Key, enter the passphrase, and click ‘Decrypt.’
  16. Save the output as your decrypted private key file.
  17. You should now have a folder containing your certificate, decrypted private key, and intermediate certificate.

How to Upload SSL/TLS Certificates to your QNAP

  1. Log in to your QNAP interface.
  2. Navigate to Control Panel > System Settings > Security.
  3. Paste your ‘Certificate’ into the first field.
  4. Paste your decrypted private key (in x.509 PEM format) in the second field.
  5. Paste the Intermediate Certificate into the third field and press ‘Apply’. You’re all set!
  6. Test your setup by visiting your secure URL (e.g., https://cloud.yourdomain.com).

Step-by-step Images and Additional Guidance

  1. Sign up for a free SSL certificate account.
  2. Go to your account dashboard and click on ‘FREE Certificate’.
  3. Select ‘Web Server SSL/TLS’.
  4. Add your subdomain, generate the PKI Key, and confirm your password.
  5. After downloading your certificate files, use the Decrypt Private Key tool. Paste your downloaded key with its passphrase.
  6. Save the decrypted key in a separate text file, labelled as ‘Decrypted SSL Key.’

Final Steps on QNAP:

  1. Paste your Certificate into the first box.
  2. Paste your decrypted Private Key into the second box.
  3. Paste your Intermediate Certificate in the third box, then click ‘Apply’. That’s it!

Having trouble applying the certificate? If you receive an error message or the certificate isn’t being recognised, double-check that all contents are in the correct PEM format (with appropriate BEGIN/END tags) and that you’ve not included extra spaces or characters. Sometimes, a reboot is required for changes to take effect on certain QNAP models.
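
The decryption step and the pre-upload checks can also be done locally with OpenSSL, so the private key is never pasted into a web form. The script below is an added example, not part of the original guide; the function names, file names and the KEY_PASS variable are assumptions, and make_demo_pair only produces constructed throwaway test material.

```shell
#!/bin/sh
# Added example. Function names, file names and KEY_PASS are assumptions.

# True if the PEM key is passphrase-protected (PKCS#8 or legacy OpenSSL header).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Decrypt key $1 into $2 on this machine. The passphrase comes from the
# KEY_PASS environment variable, so it never shows up in the process list.
decrypt_key() {
    ( umask 077 && openssl pkey -in "$1" -passin env:KEY_PASS -out "$2" )
}

# True only if certificate $1 and unencrypted key $2 carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# True if the issuer name hash of certificate $1 equals the subject name hash of $2.
issued_by() {
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    s=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 2
    [ "$i" = "$s" ]
}

# Pre-upload check of the three fields: certificate, key, intermediate.
check_bundle() {
    if key_is_encrypted "$2"; then echo "key is still encrypted" >&2; return 1; fi
    cert_matches_key "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    issued_by "$1" "$3" || { echo "intermediate is not the issuer" >&2; return 1; }
    echo "certificate, key and intermediate are consistent"
}

# Constructed test material: throwaway self-signed certificate $1 for host $3
# with key $2 encrypted under KEY_PASS. Not a substitute for a CA-issued one.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=$3" \
        -keyout "$2" -passout env:KEY_PASS -out "$1" 2>/dev/null
}

# Usage: sh check.sh cert.pem key.pem intermediate.pem
if [ "$#" -eq 3 ]; then check_bundle "$@"; fi
```

The name comparison in issued_by is a quick sanity check that the right intermediate was pasted, not a full chain validation.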

11 comments

Carlos

Hello, thanks for the detailed explanation on how to install free SSL certificates in our QNAP, but what domain should I use? I’m using a DDNS but I don’t have a different email registered to this domain, but in Gmail only.

Any help you can provide me will be very welcome !!!

Thanks !!!!

    Qureshi

    Hi Carlos,

    Can you please elaborate on DDNS? This SSL should work with any domain where you can manage DNS, subdomains, etc.

Carlos

Hello, the Dynamic Domain service I initiated from http://www.noip.com/ is a dynamic domain address that allows you to access your storage at home from the Internet.

Thanks!

Carlos Rivero

    Ivo

    Generated by PKI is no longer possible. Alternative instructions, please? Thanks

      Qureshi

      Hi,

      Sorry for the late response. An alternate option is to download the PKI software tool from the StartSSL panel and use it instead of PKI.

      Regards

Neil

Great explanation. The only issue I have is that on Startssl.com, where you select Generate by PKI system, this is not an available option, but Generated by IE Browser to get a .PFX format certificate is an option. Can this be used instead?

    Qureshi

    See my response above.

    You can use the PKI software tool from the StartSSL panel, generate the key with the tool, and use it.

ian

Dear Qureshi,

Thanks for the detailed explanation for QNAP, but the problem now is that StartSSL does not have an option for:
“Generate by PKI system” (Step no. 10 on “Let’s Start with Certificate”)

and I am not really familiar with SSH, etc.
A kind suggestion would be greatly appreciated.

Thank You

    123admin

    Now you have two options:

    1. Use StartComTool.exe from StartSSL admin panel
    2. Go to SSL/TLS from cPanel to generate the key.

    Both do the same job!

    Regards

Tom

Can we use it with a domain at noip.com?

Billyboy

You can use the OpenSSL tool (already installed on QNAP) to create the CSR and private key.

To generate a pair of private key and public Certificate Signing Request (CSR), use the following command (SSH/PuTTY to your QNAP):

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

I did it like that on my QNAP with a StartSSL certificate; it worked, plus there is no need to decrypt the private key.

Found here; it's a link to the Comodo website, but it works with StartSSL as well:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/1027/0/csr-generation–qnap-nas
