NAS326: install SSL certificate via scp

mahowi
Posts: 6
Freshman Member

Hello,
is it possible to copy my Letsencrypt certificate via scp to my NAS326? Where are the certificates stored?
I'm currently copying my certificate via renewal-hooks to my router and a Raspberry Pi. I would like to use the same cert on my NAS and have it automatically renewed.
#NAS_Mar_2020
0
Accepted Solution
-
Thanks for the tip. I've already installed Tweaks but have overlooked this option.
I have written a script "/etc/letsencrypt/renewal-hooks/post/nas326-cert-update.sh"

#!/bin/bash
# parameters
USER="root"
LEPATH="/etc/letsencrypt"
BATCH="nas.sftp"
HOST=nas326
# upload the certificate and key using the sftp batch file
sftp -b "$LEPATH/$BATCH" "$USER@$HOST"
# reboot the NAS so that it loads the new certificate
ssh -t "$USER@$HOST" "reboot"

and the batch file for sftp "/etc/letsencrypt/nas.sftp"

put /etc/letsencrypt/live/[your URL]/cert.pem /etc/zyxel/cert/default.cer
put /etc/letsencrypt/live/[your URL]/privkey.pem /etc/zyxel/cert/key/default_key.cer

Now every time my Letsencrypt certificate gets renewed it is copied automatically to my NAS.
0
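An added example, not part of the post above: checks a renewal hook like this one can run around the upload, so that a mismatched certificate and key are never pushed and the "NAS still serves the old certificate" case reported in this thread is detected after the reboot. The function names are hypothetical, and it assumes openssl is installed on the machine running certbot and that the NAS web UI answers on port 443.

```bash
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical;
# file paths follow certbot's live/ layout used in the post above.

# Succeed only if the certificate's public key matches the private key.
cert_matches_key() {   # args: cert.pem privkey.pem
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# SHA-256 fingerprint of a local PEM certificate.
local_fingerprint() {  # args: cert.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate a host serves (port 443 is assumed).
served_fingerprint() { # args: host
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Upload with the existing sftp batch file, but only a verified pair.
deploy() {             # args: live_dir host batch_file
    cert_matches_key "$1/cert.pem" "$1/privkey.pem" ||
        { echo "certificate and key do not match, not uploading" >&2; return 1; }
    sftp -o BatchMode=yes -b "$3" "root@$2" || return 1
    ssh -o BatchMode=yes "root@$2" reboot
}

# After the NAS is back up: is it serving the certificate we uploaded?
verify_served() {      # args: live_dir host
    local want got
    want=$(local_fingerprint "$1/cert.pem")
    got=$(served_fingerprint "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Usage: script.sh deploy|verify <live_dir> <host> [batch_file]
case "${1:-}" in
    deploy) deploy "$2" "$3" "${4:-/etc/letsencrypt/nas.sftp}" ;;
    verify) verify_served "$2" "$3" ;;
esac
```

Run the verify step only once the NAS has finished rebooting; a non-zero exit means the web UI is still presenting a different certificate than the one in the live directory.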
All Replies
-
Ok, I've found the directory
/etc/zyxel/cert
There are the files
CA.cer
CSR.p10
default.cer
and the directory "key" with
CA_key.cer
CSR_key.p10
default_key.cer
So "CA.cer" is the current certificate with the corresponding key "CA_key.cer". "CSR.p10" and "CSR_key.p10" belong to the "Certificate Signing Request". What are "default.cer" and "default_key.cer" for?
Can I replace CA.cer and CA_key.cer with fullchain.pem and privkey.pem from my Letsencrypt certificate?
0 -
I have found 2 HowTos on Zyxel support sites: https://support.zyxel.eu/hc/en-us/articles/360011585960-How-to-import-Let-s-Encrypt-certificate-on-NAS-series-storage and https://mysupport.zyxel.com/hc/en-us/articles/360006916979--NSA-NAS-How-to-fix-certificate-error-on-browser-when-accessing-NAS-WebUI.
Both tell me to copy the certificate to /etc/zyxel/cert/default.cer and the key to /etc/zyxel/cert/key/default_key.cer.
As scp is not available on NAS326 I used sftp to copy the files. But neither using the original files as in the first guide nor the files converted to DER format with openssl work. After rebooting my NAS the original self-signed certificate is still used.
BTW: Is the /root directory not persistent between reboots? To use a script as renewal-hook I need a non-interactive login method. Therefore I copied my ssh pubkey to root account but after reboot /root is empty again. And also changes in /etc/ssh/sshd_config get reverted.
0 -
Ok, I finally got my Letsencrypt cert installed.
You have to remove CA.cer then default.cer is used. Now I have to find a way to get ssh to work with public key login so I can write a script to automate the renewal.
0 -
Now I have to find a way to get ssh to work with public key login so I can write a script to automate the renewal.
Indeed the /root directory is volatile. I wrote a package Tweaks, which can change the home directory for root (and admin) to a non-volatile place. You can install Tweaks by first installing MetaRepository.
1 -
Dear Mahowi,
I have the same problem re expiring certificate after following the steps in https://mysupport.zyxel.com/hc/en-us/articles/360006916979--NSA-NAS-How-to-fix-certificate-error-on-browser-when-accessing-NAS-WebUI
I created "default.cer", still have the old "ca.cer" and after reboot the NAS still uses old "ca.cer"
You wrote: You have to remove CA.cer then default.cer is used.
I assume you refer to the /etc/zyxel/cert/ directory. Can you confirm that it is absolutely safe to remove the old "ca.cer" certificate?
Should I also remove the "CA_key.cer" in the /etc/zyxel/cert/key/ directory?
0
