Importing a PositiveSSL Certificate into Synology


Good evening all, I have been using a Let's Encrypt certificate for years, issued to my subdomain "subdomain.domain_name.net". It happened that the script that renewed the cert had issues getting out due to some changes in the router, which caused the cert to expire. I tried to renew it but it was not possible. I removed the cert and tried to create a new one, only to get a message "Failed to contact Let's encrypt server. Please make sure domain name is valid".

What I did is I generated a new CSR in Synology for the same subdomain and bought a PositiveSSL cert from my registrar for 2 years, and after activating it, they sent the ca.crt and ca_bundle.crt files for it. I imported the certificate based on the instructions under Security --> Certificate --> Add and gave:

1. server.key
2. ca.crt
3. ca_bundle.crt

So far so good, the certificate imported fine and shows its expiration date in 2022. After that I configured the services to use this cert and made it the default. The webserver restarted and all looks good: I see the green padlock when browsing and connecting to the DSM management interface, Fileserver and other services. My only issue is OpenVPN. This is broken.

I did export a new config file and imported that into the OpenVPN GUI that I have installed on my Windows 10 desktop, but the connection is not going through.

I get this error:

2021-03-02 22:00:43 VERIFY ERROR: depth=2, error=unable to get issuer certificate:
2021-03-02 22:00:43 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-03-02 22:00:43 TLS_ERROR: BIO read tls_read_plaintext error
2021-03-02 22:00:43 TLS Error: TLS object -> incoming plaintext read error
2021-03-02 22:00:43 TLS Error: TLS handshake failed
2021-03-02 22:00:43 SIGUSR1[soft,tls-error] received, process restarting


I'm not sure why only OpenVPN is having issues.

Here is some more info.

DSM version is 6.2.3-25426 update 3
OpenVPN is v2.5.1

Has anyone hit this issue? Is there any solution for this? I read some other links where they want you to concatenate and merge CA files, but they were all at least 8 years old and things have changed. I tried some of them but I get the same error.

Any help is appreciated,
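
The `VERIFY ERROR: depth=2 ... unable to get issuer certificate` line in the log above is OpenSSL's verification error for an issuer that is not present among the certificates the client was given to trust. The following Python is an added example, not part of the original post and not Synology or OpenVPN code: it reports which issuers are absent from a PEM CA bundle. The function names are hypothetical, Names are compared byte for byte (a simplification of OpenSSL's matching), and the sample certificates are constructed, unsigned stand-ins.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
CN_OID = b"\x06\x03\x55\x04\x03"  # DER-encoded OID 2.5.4.3 (commonName)

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, value_start, element_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional [0] version
    fields = []
    for _ in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, end = _tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def common_name(name):
    """Best-effort CN of a DER Name; hex of the whole Name if it has none."""
    i = name.find(CN_OID)
    if i < 0:
        return name.hex()
    _, start, end = _tlv(name, i + len(CN_OID))
    return name[start:end].decode("utf-8", "replace")

def missing_issuers(pem_text):
    """CNs of issuers that no certificate in the bundle carries as subject."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    subjects = {subject for _, subject in names}
    return sorted({common_name(i) for i, _ in names if i not in subjects})

def fake_cert_pem(subject_cn, issuer_cn):
    """Constructed stand-in: real X.509 field layout, no key or signature."""
    def der(tag, body):
        return bytes([tag, len(body)]) + body   # short-form length (< 128)
    def name(cn):
        return der(0x30, der(0x31, der(0x30, CN_OID + der(0x0C, cn.encode()))))
    tbs = (der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + der(0x30, b"")
           + name(issuer_cn) + der(0x30, b"") + name(subject_cn))
    body = base64.b64encode(der(0x30, der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Calling `missing_issuers(open("ca_bundle.crt").read())` returns an empty list when the bundle ends in a self-signed root, and otherwise names the issuer that is not in the file.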
 
