QNAP SSL Administration

Download PDF

Introduktion

 

A Certificate Signing Request (CSR) is required when ordering an SSL-certificate, this is generated from a private key.

 

If you wish to create the private key yourself you will also have to generate the CSR, follow Generating a CSR followed by Installation of SSL certificate

 

Generating a CSR

 

In this example we have used a single DNS name, which works for both standard and SAN certificates, for a wildcard the Common name should be replaced with *.fairssl.dk

 

To be able to generate the CSR and complete the order you will need the following information:

 

  • Common Name (CN): The primary fully qualified domain name. e.g.: www.fairssl.dk
  • Organization Name (O): The full company name, exactly as presented in CVR. e.g.: FairSSL A/S (is only required for OV and EV certificates)
  • Organizational Unit (OU): The department that is to use the certificate. It may not be possible to conflate the name with another company. IT is recommended to leave it empty or use the company name. e.g.: FairSSL A/S (is not used any more and should be left empty)
  • Locality (L): City name. e.g.: Ørum Djurs
  • State (S): State or municipality, in Denmark the municipality is used. e.g.: Norddjurs
  • Country (C): ISO-standard two-letter country code, must be capitalised. e.g.: DK

 

we use openssl for creating the private key and CSR. openssl is installed under C:\OpenSSL-Win32\bin on windows, and /usr/local/ssl/bin on Linux in a default installation.

 

Generating a CSR on Windows

 

You can download OpenSSL for free here https://slproweb.com/download/Win32OpenSSL_Light-1_1_0i.exe. Execute the file without changing any settings for a default installation.

 

  1. Press windows key + r

Enter cmd

Click OK

 

 

  1. Execute the following command to create a private key:

 

c:\OpenSSL-Win32\bin\openssl.exe genrsa -out c:\SSL\www.fairssl.dk.key 2048

 

 

  1. Execute the following command to create a CSR from the private key you created in the previous step:

 

c:\OpenSSL-Win32\bin\openssl.exe req -new -key c:\SSL\www.fairssl.dk.key -out c:\SSL\www.fairssl.dk.csr

 

Enter the information you collected earlier, remember to capitalise Country Name. Don't enter anything in the last three fields, see the following example:

 

Country Name: DK

State or Province Name: Norddjurs

Locality Name: Ørum Djurs

Organization Name: FairSSL A/S

Prganizational Unit Name: FairSSL A/S

Common Name: www.fairssl.dk

Email Address:

A Challenge Password:

An Optional Company Name:

 

 

  1. you can confirm that your CSR works correctly with the following command:

 

c:\OpenSSL-Win32\bin\openssl.exe req -noout -text -in c:\SSL\www.fairssl.dk.csr

 

 

  1. Open the CSR file with a text editor (e.g. notepad) and copy the entire text, incl. all the dashes at the beginning and end.

During the certificate ordering process you paste the text into the CSR field.

The following is an example of a complete CSR text:

 

 

A CSR does not contain any confidential information, and there is no security risk by sending it through an unencrypted mail or similar.

 

Generating a CSR on Linux

 

  1. Execute the following command to create a private key:

 

sudo openssl genrsa -out /etc/ssl/private/www.fairssl.dk.key 2048

 

 

  1. Execute the following command to create a CSR from the private key you created in the previous step:

 

sudo openssl req -new -key /etc/ssl/private/www.fairssl.dk.key -out /etc/ssl/private/www.fairssl.dk.csr

 

Enter the information you collected earlier, remember to capitalise Country Name. Don't enter anything in the last three fields, see the following example:

 

Country Name: DK

State or Province Name: Norddjurs

Locality Name: Ørum Djurs

Organization Name: FairSSL A/S

Prganizational Unit Name: FairSSL A/S

Common Name: www.fairssl.dk

Email Address:

A Challenge Password:

An Optional Company Name:

 

 

  1. you can confirm that your CSR works correctly with the following command:

 

sudo openssl req -noout -text -in /etc/ssl/private/www.fairssl.dk.csr

 

 

  1. Open the CSR file with a text editor (e.g. sudo nano /etc/ssl/private/www.fairssl.dk.csr) and copy the entire text, incl. all the dashes at the beginning and end.

Insert the copied text in the CSR field during the certificate ordering.

The following is an example of a complete CSR text:

 

 

A CSR does not contain any confidential information, and there is no security risk by sending it through an unencrypted mail or similar.

 

Installation of SSL certificate

 

  1. Open the QNAP control panel.

Click Security

Click Certificate & Private Key

 

  1. Copy the server certificate from the email and paste it into certificate, remember all the dashes before and after.

Copy the intermediate certificates from the email and paste them into Intermediate Certificate, remember all the dashes before and after

Open your private key with a text editor (Linux: sudo nano /etc/ssl/private/www.fairssl.dk.key Windows cmd: notepad c:\ssl\www.fairssl.dk.key).

Copy the private key and paste it into Private Key, remember all the dashes before and after.

Click Apply

 

 

We recommend that you test the installation with our server tester on https://www.fairssl.net/en/ssltest/

 

Intermediate certificates

 

Here you can find the intermediate certificates from different Certificate Authorities.

We recommend that you use the intermediate certificate you got with your server certificate, and only download from here in case you lose it, as the one you get in the mail will always be the correct one for your server certificate.

 

Intermediate certificates