Free website SSL for my NAS

  Apache, NAS, vi

I own a couple of NAS boxes and I’m using 1 of them right now. My StartCom certificate was nearly about to expire, so I had to generate another CSR for the new certificate. In fact on Apache you can just use the same one I believe, but I wanted to ensure I used the newer 2048 encryption type. In order to do this on a ReadyNAS, you need to generate the CSR and I like to keep things neat, so firstly let’s create a directory for the year –

mkdir /etc/ssl/2016 && cd /etc/ssl/2016

We should the export the private key and generate the certificate signing request –

openssl genrsa -des3 -out 2048

openssl req -new -key -out

You then use the CSR to create your free certificate, or any authority you like. I used the free one with StartCom and I got mine for a 3 year expiry, which is handy!

Once we get the pem file back, we need to remove the password you set on the private key –

openssl rsa -in -out NOPASS.mynas.mydomain.key

You can then upload it to the nas or copy and paste the certificate and then add it into the same directory to file You need to edit a few settings in the /etc/ssl/openssl.cnf file. I changed –

dir = /etc/ssl

certificate = $dir/2016/mynas.mydomain.pem    # The CA certificate

private = = $dir/2016/NOPASS.mynas.mydomain.key # The private key

I’m not sure of a good way to link the apache config to use this new certificate, so what I did was just edit file – /etc/frontview/apache/apache.pem (copy it to /etc/frontview/apache/apache.pem.old first) and then delete the contents and paste in the private key and also the certificate pem file. You could do this –

cp /etc/frontview/apache/apache.pem /etc/frontview/apache/apache.pem.old && cat /etc/ssl/2016/NOPASS.mynas.mydomain.key > /etc/frontview/apache/apache.pem && cat /etc/ssl/2016/mynas.mydomain.pem >> /etc/frontview/apache/apache.pem

You need to also ensure the files are owned by root:root and security is set properly –

chown root:root /etc/ssl/2016/*

chmod 600 /etc/ssl/2016/*

Once that’s all done, just kill apache and start it again.

killall apache-ssl
/usr/sbin/apache-ssl -f /etc/frontview/apache/httpd.conf