Link to home
Create AccountLog in
Avatar of adriaanvw
adriaanvwFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Synology Wildcard SSL Certificate

Hi,

I recently purchased a GoDaddy wildcard SSL certificate, which I intend to install on a Synology DS213 running DSM 4.2-3211. The problem I'm having is that, in order to use a wildcard SSL certificate, the Certficate Signing Request needs to be for a domain name in this format: *.mydomain.com

When I proceed to enter *.mydomain.com in the "Create signing certificate request (CSR)" dialogue box's "Common name" field, it rejects the asterisk. It will let me enter "mydomain.com" but not "*.mydomain.com".

I've tried copying and pasting "*.mydomain.com" directly into that field, which works, but when I click on the "Next" button nothing happens.

Does anyone know how to generate this type of CSR for a Synology device?

Thanks
User generated image
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

can you import a PFX? in which case, just generate your csr from xca and use that to create a pfx to import.
Avatar of adriaanvw

ASKER

I'm not familiar with XCA, but had another look at the Synology interface, which has an option to import a certificate (see screenshot). Should this be sufficient, or is there more to it?

ThanksUser generated image
ASKER CERTIFIED SOLUTION
Avatar of Dave Howe
Dave Howe
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Hi,

Thanks for the advice. I had a bit of trouble working with XCA, but got it sorted in the end. Here is the procedure I followed:

1. Created the CSR using our Exchange 2013 server
2. Uploaded the CSR on the GoDaddy portal, completed verification and downloaded the Intermediary and Server certificates
3. Imported them on the Exchange 2013 server, as per GoDaddy's instructions
4. Exported them from the Exchange 2013 server in PFX format
5. Deleted the certificate from the Exchange 2013 server
6. Imported the PFX file into XCA
7. Using XCA, exported the Private key in PEM format, ticking the "Export as PKCS#8" box
8. Using XCA, exported the Certificate in "PEM All Certificates" format
9. Imported the Private key and Certificate onto the Synology device

Job done!
sounds good. you could of course have generated the CSR directly in xca, then skipped steps 3 4 5 and 6 :)