These NAS use by default a list of certificates from public certification authorities. There are no problems in using them, and since they come by default, they require much less (or no) configuration.

In case we use an internal CA, such as the one installed with Microsoft Windows Server , or one based on Linux / Unix , using the included openssl tools, then we will have to make additional configurations.

The procedure is as follows:

  • Enable SSH access to the NAS.
  • Login via SSH.
  • Stop the AppArmor service.
/usr/syno/etc.defaults/rc.sysv/apparmor.sh stop
  • Add the internal CA certificate to the NAS certificate store.
cp myca.crt /usr/share/ca-certificates/mozilla
  • Create a symbolic link to the certificate directory.
ln -s /usr/share/ca-certificates/mozilla/myca.crt /etc/ssl/certs/myca.pem
  • Hashear that symbolic link.
ln -s /etc/ssl/certs/myca.pem $(openssl x509 -hash -noout -in myca.pem).0
  • Once imported and installed.
  • Disable the SSH service.