QNAP – Openvpn – ca.crt change / path to upload certificate

IMPORTANT – I did not manage yet to get it to work – but, as goo**e did not get anything back to me – maybe someone can give me a comment, whilest managed it to get it to work. The following steps DID NOT lead to success!
I wondered why i can upload a certificate in my qnap – but its taken only for HTTPS and not – more importantly for openvpn.
As the OPENVPN ca.crt and the ca.key file are nearly public available – i just don’t want to trust them. As well they are only 1024 bit / but as the key is publicly known…

So – It took me a while to figure this:
The main config is in /etc/openvpn while the certificates are in this location:
/etc/config/openvpn/keys/

The openvpn config says this certificates are to use:
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/myserver.crt
key /etc/openvpn/keys/myserver.key

STOP HERE / Whilest you do not have your CA.crt at hand (The Certification Authority signed your Certificate) or you don’t kow what it is…
If you’re not up to Certificates or you don’t want to bother with a CLI (Command Line Interface) as openssl – i suggest XCA / which is a great tool in my opinion…

If you had uploaded your own certificate allready using the QNAP Admin Interface – it is stored here
/etc/stunnel/stunnel.pem

Still – you can’t upload your own CA. I wondered why qnap does not offer the possibility to use it also for openvpn. So – they store key and certificate in one file…


cp /etc/stunnel/stunnel.pem /etc/config/openvpn/keys/
cd /etc/config/openvpn/keys
mv myserver.crt myserver_backup.crt
mv myserver.key myserver_backup.key
cp ca.crt ca_backup.crt
openssl x509  -in stunnel.pem -out myserver.crt
openssl rsa -in stunnel.pem -out myserver.key
chmod 600 myserver.key

The CA (Certificate Authority) does not match now – this is kind of a problem as i don’t know what kind of Certificate you had build. You can go and make it self-signed…

Afterwards, you need to restart the openvpn service. When Downloading the openvpn-config the ca.crt should be know yours and not the one delivered.

QNAP – Openvpn – ca.crt change / path to upload certificate

2 Gedanken zu „QNAP – Openvpn – ca.crt change / path to upload certificate

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.