Renew the Let’s Encrypt certificate for Synology using SSH

When, for some reason, the Let’s Encrypt certificate has not been renewed on your Synology and those bloody stupid Web browsers won’t let you connect to the DSM for “Security Reasons”, you can still count on SSH to solve the problem. Simply run:

# /usr/syno/sbin/syno-letsencrypt renew-all

Where there’s shell, there’s a way.

Let’s Encrypt Apache using OpenBSD

The other day, I discovered that my StartSSL certificate was not trustable anymore. That caused one of my vhosts to display the “Your connection is not secure” alert page. Here’s how I switched to Let’s Encrypt using Apache 2.4 and OpenBSD 6.1.


Trust the CA on OpenBSD

This website provides some HTTPS service. I bought the SSL certificate from a French provider called “Gandi”. Unfortunately, it seems their issuer is not known by OpenBSD nor is their own CA trusted by Firefox. As this is in the FAQ, they provide the CA file to manually import in Firefox. Once done, Firefox trusts the whole SSL path. We’ll use this to install the SSL trust path in OpenBSD; in the OpenSSL instance.

Back to the sea ; the Certificate Authority (CA), episode IV

The OpenBSD FAQ and manpages are full of “how to generate your self-signed certificate”. That’s OK.
But if you get several services, as I’m gonna get, this means you’ll have to deploy every certificate to every client so that they trust them. Creating your own CA enables you to only deploy the CA file to your clients. Then, they will trust any certificate that was signed by it.
Plus, it’s fun :p


My NetBSD Certificate Authority (CA) with OpenSSL

I created a private certificate authority with OpenSSL on NetBSD to use in my personal LAN. The certificates are used to authenticate servers in SSL/TLS mode and also to remotely connect to my LAN using VPN.