From: | ab6540183 |
---|---|
Date: | 1/24/23 6:42 AM |
Topic: | Let's SSL certificate on XEAMS and QNAP question |
Type: | General Discussions |
Post a follow up |
Hi Xeams Support,
how are you?
I finally managed to request a Let's Encrypt SSL certificate on XEAMS which I am running as a QNAP package on my QNAP TS-251D with 16GB of ram. Under manage certificate I get:
Test Certificate: No - It's for production use But when I access my web interface using https...mail.domain.com it says that the site is insecure because it is testing the QNAP certificate which is normally self signed and not testing the Xeams Let's Encrypt certificate. I used this site to check the validity of the Xeams Let's Encrypt SSL certificate on the Xeams server: https...www.checktls.com Output:
How can I use the same certificate from Let' Encrypt from my mail server to my QNAP device? If I try to do it from my qnap device under security, replace with let's encrypt, it gives me an ACMA error for port 80 and 443. These ports are open but are being used by Xeams Thank you. Best regards ab6540183 |
|
Top |
From: | Synametrics Support |
---|---|
Date: | 1/24/23 10:16 AM |
Topic: | Let's SSL certificate on XEAMS and QNAP question |
Type: | General Discussions |
Post a follow up |
There are two formats of an SSL certificate:
When a certificate file is created, files for both formats are saved on the disk. The PKCS12 format is saved in $INSTALL_DIR/config/letenc.pfx and the PEM is saved in $INSTAL_DIR/letsEncrypt/*.* Assuming QNAP expects the PEM format, you will have to use that file and not *.pfx in QNAP. Moreover, everything is stored in a single file in case of PKCS12. However, PEM format uses multiple files to store private key and certs. |
|
Top |
From: | ab6540183 |
---|---|
Date: | 1/24/23 7:17 PM |
Topic: | Let's SSL certificate on XEAMS and QNAP question |
Type: | General Discussions |
Post a follow up |
Hi Synametrics Support,
Thank you for your reply.
I checked for PEM under $INSTAL_DIR/letsEncrypt/*.*, but I don't know how I can use these files under the QNAP Security/SSL certificate and private key. I think that I am going to find it difficult to install a Let's Encrypt Certificate automatically for the QNAP and Xeams concurrently. The problem is this in my opinion: I have to enable web server on QNAP (so that QNAP does not seize port 80) and change the default port 80 on the QNAP web server to some other port number in order for Xeams to use the http challenge to get a new certificate every 90 days. But this stops the Qnap from getting a Let's Encrypt certificate because now it is not listening to port 80 anymore because I made it available to Xeams. Perhaps it would be easier to buy a cheap 12 month device SSL certificate that I can use for Xeams and the Qnap. Obviosuly I would have to have both certificate's formats such as PKS and PEM in order to suit both situations. I was trying to run my own mail server at home, but it is becoming a real challenge now. Thank you. Best regards ab6540183
|
|
Top |