Install Root & Intermediate Certificate Bundles on QNAP!

Unfortunately QNAP does not have Root and Intermediate Certificate Bundles, which means that no system software (such as Curl or Wget) can easily access SSL sites.

The following guide, taken partially by Stefan Wienert, allows you to install the complete bundled root certificates.

Connect via SSH to your QNAP NAS and type the following commands:

# cd /share/
# curl -O -k
# mkdir certs
# cat cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "certs/cert" n ".pem”}'
# cd certs
# for filename in cert*pem;do mv $filename `openssl x509 -hash -noout -in $filename`.0; done;
# cp *.0 /etc/ssl/certs/

I’ve tried in QTOS 4.2.x firmware released in May 2017 and it works perfectly.


4 2 votes
Article Rating
5 Commenti
più votati
più nuovi più vecchi
Inline Feedbacks
View all comments
05/10/2021 10:42

Unfortunately I needed to adjust your script as the awk command has some trouble. As well, the curl command for cacert.pem seems to be outdated.
This actually worked for me, but thanks for the work you already did here.

cd /share/
curl --silent --location --remote-name --insecure
mkdir certs
cat cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {if(length($0) > 0) print > "certs/cert" n ".pem"}' 
for filename in cert*pem;do mv $filename openssl x509 -hash -noout -in $filename.0; done;
cp *.0 /etc/ssl/certs/
06/05/2021 19:23

Hi Thank you for posting the above; it was very, very useful. In my case, I use Sophos UTM to do https inspection and thus I needed to get my own ‘dodgy’ CA installed on the Qnap. 😉 I just used gedit to edit my cacert.pem file and removed the lines above beginning and below end (lazy me), but when I tried the next part, the cert.pem resulted in an error, so I just changed that part to cacert.pem and it all worked perfectly, then I moved it into the certs directory (so the total CLI activity was as shown… Leggi il resto »

06/05/2021 19:27

Sorry, when I wrote that the cert.pem resulted in an error, I meant to write that the cert*pem resulted in an error (so I just changed that part to cacert.pem and it worked). I tried to edit my initial comment, but for some reason it won’t let me edit. All the best and thank you once again, Briain

26/11/2021 12:04

I just used this to resolve my certs issue. Briain’s commands are missing the command “cd certs” after line 4 which causes the mv loop to fail

Thank you Andrea, my SABnzbd is up and firing.

Last edited 1 mese fa by Emeljay42