Install Root & Intermediate Certificate Bundles on QNAP!

Unfortunately QNAP does not have Root and Intermediate Certificate Bundles, which means that no system software (such as Curl or Wget) can easily access SSL sites.

The following guide, adapted in part from Stefan Wienert, allows you to install the complete bundle of root certificates.

Connect via SSH to your QNAP NAS and type the following commands:

# cd /share/
# curl -L -O -k https://curl.haxx.se/ca/cacert.pem
# mkdir certs
# cat cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "certs/cert" n ".pem"}'
# cd certs
# for filename in cert*pem;do mv $filename `openssl x509 -hash -noout -in $filename`.0; done;
# cp *.0 /etc/ssl/certs/

I’ve tried this on QTS 4.2.x firmware released in May 2017 and it works perfectly.
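
The download above uses -k, so nothing authenticates cacert.pem before it becomes the system trust store. The shell functions below are an added example, not part of the original guide: they check the bundle against a SHA-256 digest you obtained on a machine that already validates TLS, split it without the comment header, and give colliding subject hashes separate .N suffixes instead of overwriting .0. The function names and PINNED_SHA256 are assumptions, as is the presence of sha256sum on the NAS.

```shell
#!/bin/sh
# Added example: verify, split and hash-name a CA bundle fetched with -k.

# verify_bundle FILE SHA256: succeed only if FILE matches the pinned digest.
# Assumption: the digest comes from a machine that already validates TLS.
verify_bundle() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# split_bundle FILE DIR: write each PEM block to DIR/certN.pem, dropping the
# "##" header, CA name lines and blank lines. Prints the number of blocks.
split_bundle() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { close(out); inside = 0 }
        END                           { print n + 0 }
    ' "$1"
}

# install_hashed SRC DEST: copy every file in SRC that openssl parses as a
# certificate to DEST/<subject-hash>.<N>. The first free N is used, so two CAs
# with the same hash both survive; an identical file already present is
# skipped, so re-running after a reboot adds no duplicates. Prints the count.
install_hashed() {
    count=0
    for f in "$1"/cert*.pem; do
        [ -f "$f" ] || continue
        h=$(openssl x509 -hash -noout -in "$f" 2>/dev/null) || continue
        [ -n "$h" ] || continue
        i=0
        while [ -e "$2/$h.$i" ]; do
            cmp -s "$f" "$2/$h.$i" && continue 2
            i=$((i + 1))
        done
        cp "$f" "$2/$h.$i"
        count=$((count + 1))
    done
    echo "$count"
}

# Usage on the NAS (PINNED_SHA256 is a placeholder you fill in yourself):
#   verify_bundle cacert.pem "$PINNED_SHA256" || { echo "digest mismatch" >&2; exit 1; }
#   split_bundle cacert.pem certs && install_hashed certs /etc/ssl/certs
```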

8 Comments
Maximilian
05/10/2021 10:42

Unfortunately I needed to adjust your script as the awk command has some trouble. As well, the curl command for cacert.pem seems to be outdated.
This actually worked for me, but thanks for the work you already did here.

cd /share/
curl --silent --location --remote-name --insecure https://curl.haxx.se/ca/cacert.pem
mkdir certs
cat cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {if(length($0) > 0) print > "certs/cert" n ".pem"}'
cd certs
for filename in cert*pem;do mv $filename `openssl x509 -hash -noout -in $filename`.0; done;
cp *.0 /etc/ssl/certs/
Briain
06/05/2021 19:23

Hi, thank you for posting the above; it was very, very useful. In my case, I use Sophos UTM to do https inspection and thus I needed to get my own ‘dodgy’ CA installed on the Qnap. 😉 I just used gedit to edit my cacert.pem file and removed the lines above beginning and below end (lazy me), but when I tried the next part, the cert.pem resulted in an error, so I just changed that part to cacert.pem and it all worked perfectly, then I moved it into the certs directory (so the total CLI activity was as shown…

Briain
06/05/2021 19:27

Sorry, when I wrote that the cert.pem resulted in an error, I meant to write that the cert*pem resulted in an error (so I just changed that part to cacert.pem and it worked). I tried to edit my initial comment, but for some reason it won’t let me edit. All the best and thank you once again, Briain

Emeljay42
26/11/2021 12:04

I just used this to resolve my certs issue. Briain’s commands are missing the command “cd certs” after line 4, which causes the mv loop to fail.

Thank you Andrea, my SABnzbd is up and firing.

Emeljay42
14/03/2022 11:11
Reply to  Emeljay42

Upon a reboot, the certs directory is gone, and the original failure returns. I have to rerun the scripts to fix it.

Q – why do the certs directory and the downloaded cacert.pem disappear?

Lorenzo
26/01/2022 14:30

I have a problem with the awk command; I get the error: awk: cmd. line:1: Unexpected token
The first part of cacert.pem is:
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Tue Oct 26 03:12:05 2021 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt).  This file can be found in the mozilla source tree:
## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
##
## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl,…