Install Root & Intermediate Certificate Bundles on QNAP!

Unfortunately QNAP does not have Root and Intermediate Certificate Bundles, which means that no system software (such as Curl or Wget) can easily access SSL sites.

The following guide, taken partially by Stefan Wienert, allows you to install the complete bundled root certificates.

Connect via SSH to your QNAP NAS and type the following commands:

# cd /share/
# curl https://curl.haxx.se/ca/cacert.pem -O -k
# mkdir certs
# cat cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "certs/cert" n ".pem”}'
# cd certs
# for filename in cert*pem;do mv $filename `openssl x509 -hash -noout -in $filename`.0; done;
# cp *.0 /etc/ssl/certs/

I’ve tried in QTOS 4.2.x firmware released in May 2017 and it works perfectly.

 

4 2 votes
Article Rating
Subscribe
Notificami
guest

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.

8 Commenti
più votati
più nuovi più vecchi
Inline Feedbacks
View all comments
Maximilian
Maximilian
05/10/2021 10:42

Unfortunately I needed to adjust your script as the awk command has some trouble. As well, the curl command for cacert.pem seems to be outdated.
This actually worked for me, but thanks for the work you already did here.

cd /share/
curl --silent --location --remote-name --insecure https://curl.haxx.se/ca/cacert.pem
mkdir certs
cat cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {if(length($0) > 0) print > "certs/cert" n ".pem"}' 
for filename in cert*pem;do mv $filename openssl x509 -hash -noout -in $filename.0; done;
cp *.0 /etc/ssl/certs/
Briain
06/05/2021 19:23

Hi Thank you for posting the above; it was very, very useful. In my case, I use Sophos UTM to do https inspection and thus I needed to get my own ‘dodgy’ CA installed on the Qnap. 😉 I just used gedit to edit my cacert.pem file and removed the lines above beginning and below end (lazy me), but when I tried the next part, the cert.pem resulted in an error, so I just changed that part to cacert.pem and it all worked perfectly, then I moved it into the certs directory (so the total CLI activity was as shown… Leggi il resto »

Briain
06/05/2021 19:27

Sorry, when I wrote that the cert.pem resulted in an error, I meant to write that the cert*pem resulted in an error (so I just changed that part to cacert.pem and it worked). I tried to edit my initial comment, but for some reason it won’t let me edit. All the best and thank you once again, Briain

Emeljay42
Emeljay42
26/11/2021 12:04

I just used this to resolve my certs issue. Briain’s commands are missing the command “cd certs” after line 4 which causes the mv loop to fail

Thank you Andrea, my SABnzbd is up and firing.

Last edited 8 mesi fa by Emeljay42
Emeljay42
Emeljay42
14/03/2022 11:11
Reply to  Emeljay42

upon a reboot, the certs Directory is gone, and the original failure returns. I have to rerun the scripts to fix.

Q – why does the certs directorey and the downloaded cacert.pem disappear?

Lorenzo
Lorenzo
26/01/2022 14:30

I have problem with awk command the get error: awk: cmd. line:1: Unexpected token First part of cacert.pem is: ## ## Bundle of CA Root Certificates ## ## Certificate data from Mozilla as of: Tue Oct 26 03:12:05 2021 GMT ## ## This is a bundle of X.509 certificates of public Certificate Authorities ## (CA). These were automatically extracted from Mozilla's root certificates ## file (certdata.txt).  This file can be found in the mozilla source tree: ## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt ## ## It contains the certificates in PEM format and therefore ## can be directly used with curl / libcurl / php_curl,… Leggi il resto »