Proper SSL configuration requires three things: 1) a private key; 2) a server certificate; 3) an intermediate certificate. You'll generate the key yourself (there are tutorials about this all over the place), and you'll get the other two files from your SSL provider.
The QNAP admin GUI allows you to upload your private key and your server certificate, but there is no way to include the intermediate certificate -- http://en.wikipedia.org/wiki/Intermedia ... uthorities -- that tells browsers that your server is well and truly secure. Without this intermediate certificate installed, most browsers will show a warning when connecting to your QNAP that "the certificate publisher cannot be verified," or something to that effect.
To fix this, you'll need to manually edit the PEM file that the QNAP GUI writes your keys to. Here we go...
- Log into your server. I suggest using Putty -- http://www.chiark.greenend.org.uk/~sgta ... nload.html.
- Enter the following code exactly:
```
vi /etc/stunnel/stunnel.pem
```
- You should see a wall of characters, mostly gibberish, looking something like this:
```
-----BEGIN RSA PRIVATE KEY-----
[characters]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[characters]
-----END CERTIFICATE-----
```
The top half is, of course, your private key. The bottom half is your server certificate. QNAP pushes these together to make stunnel.pem when you use the GUI to upload your SSL information.
- Type "a" in Putty, which will allow you to edit this file. Navigate to the bottom, just under -----END CERTIFICATE-----.
- Copy the entire contents of your intermediate certificate (you'll need to open it in Notepad or some other text editor to do this), and paste them into your Putty window.
- You should now have a file that looks like this:
```
-----BEGIN RSA PRIVATE KEY-----
[characters]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[characters]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[characters]
-----END CERTIFICATE-----
```
- To save the file, press Esc (which exits edit mode), then type ":wq!", which saves and quits.
- Restart stunnel with this command:
```
/etc/init.d/stunnel.sh restart
```
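A structural check to run on stunnel.pem after the edit and before restarting stunnel, as an added example that is not part of the original post. It confirms the layout shown above (private key first, then at least two certificate blocks) and catches a lost newline that fuses two marker lines during the paste. The function name `check_pem_bundle` is hypothetical, the sample bodies are placeholders, and a POSIX `awk` is assumed to be present on the NAS.

```shell
#!/bin/sh
# check_pem_bundle [FILE]: structural check of a stunnel.pem-style bundle (hypothetical helper).
# Reads FILE, or stdin if no FILE is given. Prints labels and line numbers only, never key material.
check_pem_bundle() {
    awk '
    function fail(msg) { print "FAIL: " msg; failed = 1; exit 1 }
    { sub(/[ \t\r]+$/, "") }     # tolerate trailing blanks and CRLF from a Notepad paste
    /-----(BEGIN|END) / {
        # A marker fused to other text means a newline was lost while pasting.
        if ($0 !~ /^-----(BEGIN|END) [A-Z ]+-----$/)
            fail("line " NR ": marker is not alone on its line")
        label = $0
        sub(/^-----(BEGIN|END) /, "", label); sub(/-----$/, "", label)
        if ($0 ~ /^-----BEGIN/) {
            if (cur != "") fail("line " NR ": BEGIN inside " cur " block")
            cur = label
        } else {
            if (label != cur) fail("line " NR ": END " label " has no matching BEGIN")
            lab[++n] = label; cur = ""
        }
        next
    }
    cur == "" && /[^ \t]/ { fail("line " NR ": stray text outside a PEM block") }
    END {
        if (failed) exit 1
        if (cur != "") { print "FAIL: unterminated " cur " block"; exit 1 }
        if (n < 3) { print "FAIL: " (n + 0) " block(s), expected key + 2 certificates"; exit 1 }
        if (lab[1] !~ /PRIVATE KEY$/) { print "FAIL: first block is " lab[1]; exit 1 }
        for (i = 2; i <= n; i++)
            if (lab[i] != "CERTIFICATE") { print "FAIL: block " i " is " lab[i]; exit 1 }
        print "OK: private key followed by " (n - 1) " certificates"
    }' "$@"
}

if [ $# -gt 0 ]; then check_pem_bundle "$1"; else
    # Constructed sample (placeholder bodies): the newline after the server
    # certificate was lost, so END and BEGIN share a line.
    check_pem_bundle <<'EOF' || true
-----BEGIN RSA PRIVATE KEY-----
QUJD
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
QUJD
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
QUJD
-----END CERTIFICATE-----
EOF
fi
```

The check is structural only: it does not confirm that the key matches the server certificate or that the second certificate is the issuer of the first.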