0

My Synology uses self-signed certificate, so I need to include it with curl --cacert /path/to/cert.pem to connect safely from a terminal to NAS using https. How can I find this certificate on my Synology?

cert.pem file exported with Synology web interface 'Control panel' > Security > Certificate > action > 'export certificate' is (probably) not the right certificate.

$ curl --cacert /path/to/cert.pem 192.168.1.10
* error setting certificate file: cert.pem

Using with ssh:

$ sudo find . -name cacert.pem

Synology only finds docker paths like ./volume1/@docker/btrfs/subvolumes/.../cecert.pem

Async
  • 1

1 Answers1

0
#!/bin/bash

# Function to display usage information
usage() {
    echo "Usage: $0 <nas_ip>"
    echo "Example: $0 192.168.1.10"
    exit 1
}

# Check if an IP address was provided
if [ -z "$1" ]; then
    usage
fi

NAS_IP=$1

# SSH into the NAS
echo "Attempting to SSH into Synology NAS at ${NAS_IP}..."
ssh admin@${NAS_IP} << EOF
    echo "Searching for CA certificate files..."

    # Search for all .pem files
    sudo find / -name "*.pem" -type f | grep -v "@docker" > /tmp/cert_files.txt

    # Display list of found certificates
    echo "Found potential certificate files:"
    cat /tmp/cert_files.txt

    # Check each file to see if it's a CA cert
    echo "Checking each certificate for CA properties..."
    while IFS= read -r line; do
        if openssl x509 -in "$line" -text -noout 2>/dev/null | grep -q "CA:TRUE"; then
            echo "Found CA certificate at: $line"
            # Copy this certificate to a temporary location for transfer
            sudo cp "$line" /tmp/ca-cert.pem
            break
        fi
    done < /tmp/cert_files.txt

    # If CA cert found, prepare for download
    if [ -f "/tmp/ca-cert.pem" ]; then
        echo "Copying CA certificate to local machine..."
        scp admin@${NAS_IP}:/tmp/ca-cert.pem ./ca-cert.pem
    else
        echo "No CA certificate found or accessible."
    fi

    # Clean up
    sudo rm -f /tmp/cert_files.txt /tmp/ca-cert.pem
EOF

# Check if the certificate was successfully copied
if [ -f "./ca-cert.pem" ]; then
    echo "CA certificate has been copied locally. Use with curl like this:"
    echo "curl --cacert ./ca-cert.pem https://${NAS_IP}"
else
    echo "Failed to obtain the CA certificate. Please check if you have access to the correct files or if there's an issue with SSH permissions."
fi
warashi nguyen
  • 109