Location of SSL certs?

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
Post Reply
goodelyfe
Know my way around
Posts: 122
Joined: Tue Jul 01, 2014 5:50 pm

Location of SSL certs?

Post by goodelyfe » Mon Jul 29, 2019 4:13 am

If im using Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate"

where are the certs being saved?

I'm trying to remedy me replacing the certs in whichever (for whatever app/service) directory every renewal (if that makes sense?)

RussellNS
New here
Posts: 3
Joined: Wed Jul 03, 2019 4:22 am

Re: Location of SSL certs?

Post by RussellNS » Tue Aug 27, 2019 10:46 pm

I'm having a similar issue. To put the TLDR (so to speak) up front, I found the QNAP SSL certs in:

Code: Select all

/mnt/HDA_ROOT/.config/stunnel
In my use case, I don't want to expose port 80 on my NAS to the outside world at all. So I have a Docker container on another box that downloads and auto-renews free certs from Let's Encrypt, and places them in a 'private' directory on the NAS. Everything works, fine and dandy. However, when I go to update the cert the same way you describe (NAS Web GUI -> Control Panel --> System --> Security --> Certificate & Private Key -> "Replace Certificate" -> Import Certificate -> Certificate -> click "Browse"), it wants me to provide a file that's on my local host. I can't seem to provide a file/symlink/path to a certificate that already exists on the NAS. This kind of breaks the automation behind the 'auto-renew' of the Docker container. In essence, the Docker container will auto-renew the cert in a path on the NAS, but the NAS Web GUI has to be manually updated every renewal.

So I went digging for the path to these files in hopes I could create a symbolic link to the cert files that the Docker container will automatically renew. In this way, I hope to not have to have any manual steps. I hope that aging certs will get auto-renewed by the Docker container and the NAS Web GUI will always point to whatever current cert is.

I haven't played around with the files in the path up above yet, other than to view the original, self signed certs that were there, and then manually import the certs from Let's Encrypt. The certs in this directory do in fact update.

Hope this helps.

User avatar
Toxic17
Ask me anything
Posts: 5377
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: Location of SSL certs?

Post by Toxic17 » Wed Aug 28, 2019 5:08 am

have you tried LEgo?

viewtopic.php?f=320&t=132911

you can put the certs wherever you want.
Regards Simon

QTS 4.x User Guidex

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.4.2.1302 • TVS-463-16GB 4.4.2.1302 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.1161 • APC Back-UPS ES 700G •
QPKG's: Plex 1.19.3 • Apache73 v2443.74060 • QSonarr 3.0.3.809 • QNBZGet 21.0 • phpMyAdmin 5.0.2 • Qmono 6.80.105 • McAfee 3.1.0 -6010 • HBS 3.0.200424 • LEgo v3.6.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+ • UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

User avatar
oyvindo
Experience counts
Posts: 1092
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: Location of SSL certs?

Post by oyvindo » Wed Jan 22, 2020 4:46 am

RussellNS wrote:
Tue Aug 27, 2019 10:46 pm
I'm having a similar issue. To put the TLDR (so to speak) up front, I found the QNAP SSL certs in:

Code: Select all

/mnt/HDA_ROOT/.config/stunnel
That does not seem to be the location used when certificate files are imported. Only if they are retrieved directly from Let's Encrypt or if your restore back to default.
Do you have any idea where imported certificates are stored?
ImageImageImageImageImage

Wotf783
First post
Posts: 1
Joined: Sun Dec 28, 2014 8:39 pm

Re: Location of SSL certs?

Post by Wotf783 » Sun Jan 26, 2020 12:56 am

Hi,

I did little search because i did almost same thing as @RussellNS and I crossed to this library: https://github.com/Yannik/qnap-letsencrypt
In README there is actually nice info about QNAP behavior, but that's out of topic.

But as you can see in section #setting-up-qnap-letsencrypt, a third step is

Code: Select all

mv /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pem.orig
which I thought it would be it. But it was not.
I checked what stunnel is and decided to have a little fun and break what i can.

I found out that the main certificates are actually backups. 🤣

So the location is:

Code: Select all

/etc/stunnel/
:
certificate:

Code: Select all

/etc/stunnel/backup.cert
private key:

Code: Select all

/etc/stunnel/backup.key

User avatar
oyvindo
Experience counts
Posts: 1092
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: Location of SSL certs?

Post by oyvindo » Sun Jan 26, 2020 2:03 am

No, that is not correct.
After much research and experimenting, I found that what happens duwing certificat generating (and during import), is that the *.cert and *.key file is merged and stored in the stunnel.pem file. Whatever was in there previously is extracted and saved as backup.cert and backup.key.
I was able to verify this by simply deleting both backup files, and guess what? The certificates continue to work just as they should. But if I delete the pem, file, it fails.
ImageImageImageImageImage

Post Reply

Return to “Miscellaneous”