Syno> cd ssl -ash: cd: can't cd to ssl Syno> mkdir ssl Syno> cp /volume1/public/openssl.cnf /usr/syno/ssl |
Syno>
openssl genrsa -des3 -out ca.key 1024 Generating RSA private key, 1024 bit long modulus ...........++++++ ........++++++ e is 65537 (0x10001) Enter pass phrase for ca.key: Verifying - Enter pass phrase for ca.key: |
La passe phrase est demandée à deux reprises. |
Syno>
openssl req -new -key ca.key -out ca.csr Enter pass phrase for ca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:Fr State or Province Name (full name) [Some-State]:France Locality Name (eg, city) []:Grenoble Organization Name (eg, company) [Internet Widgits Pty Ltd]:monorganisationamoi Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Syno00113203399 Email Address []:trucmuch@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:monmotdepasse An optional company name []: |
Attention,
le système va vous poser plusieures questions : Entrez votres passphrase = "JadoreLes3ballesdeMoussequipoussentSurLamousse" Country name = Fr State or Province = France Locality Name or City = Paris Organization Name = Ma boutique à Moi Organizational Unit (section) = on peut ne rien mettre Common Name = Syno001132033899 ==> correspond à la MacAdresse du Syno lors de la création de ce certificat. Lors de la création du certificat serveur, nous mettrons ici l'adresse internet du Synology (DDNS). Email Adress = monadresse@zanadoo.fr Challenge Password = on peut ne rient mettre mais le mieux est d'entrer un mot de passe que l'on va retenir. |
Syno> openssl x509
-req -days 7300 -in ca.csr -signkey ca.key -out ca.crt Signature ok subject=/C=Fr/ST=France/L=Grenoble/O=monorganisationamoi/CN=Syno00113203399 /emailAddress=trucmuch@gmail.com Getting Private key Enter pass phrase for ca.key: |
Syno> openssl
genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus .............................++++++ .................................++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: |
Syno>
openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:Fr State or Province Name (full name) [Some-State]:France Locality Name (eg, city) []:Grenoble Organization Name (eg, company) [Internet Widgits Pty Ltd]:monorganisationamoi Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:monsyno.dyndns.org Email Address []:trucmuch@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:monmotdepasse An optional company name []: |
Attention,
le système va vous poser les mêmes questions que précédemment : Ce coup-ci nous allons répondre différent à la question "common name" Nous devons mettre l'adresse internet réelle. Le mieux est d'utiliser une adresse de type DynDns, car la validité de notre certificat tiendra sur le nom du site. Si nous changeons d'adresse, il faudra prévoir de refaire le certificat. Common Name = monsyno.dyndns.org |
Syno> openssl x509
-req -days 7300 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01
-out server.crt Signature ok subject=/C=Fr/ST=France/L=Grenoble/O=monorganisationamoi/CN=Syno00113203399 /emailAddress=trucmuch@gmail.com Getting ca Private key Enter pass phrase for ca.key: |
Syno> ls ca.crt ca.key server.crt server.key ca.csr openssl.cnf server.csr |
cp -r ssl /usr/syno/etc/ssl.back |