1. Go to the email where it is requested to complete the configuration process, click on the link
2. Go into DSM > Control Panel > Security > Certificate > Right click the certificate and click on renew
3. Download the archive.zip containing the CSR (the one you need) and a private key. Open server.csr. Copy the text
4. On the website paste the CSR and go through the menu. Choose admin@domain.com to send the emails to
5. Approve the request and a new email will be send with the certificate
6. Open command line and paste the certificate into server.crt
7. Test for the issuer to find the intermediate: openssl x509 -in server.crt -text -noout | grep -E "Issuer:|CA Issuers"
CA Issuers - URI:http://secure.globalsign.
8. Download if needed: curl -O http://secure.globalsign.com/
9. Convert:
openssl x509 -inform DER -in gsgccr6alphasslca2025.crt -out intermediate_pem.crt
cat server.crt intermediate_pem.crt > fullchain.crt
10. Verify:
openssl verify -untrusted fullchain.crt server.crt
openssl verify -untrusted fullchain.crt server.crt
server.crt: OK
11. Install the new certificate by adding a new certificate in DSM (and choose to replace the *.domain.com)
Important:
-Use intermediate_pem.crt as intermediate, otherwise use fullchain.crt
-If needed, just install a new one and delete the old one afterwards
12. Make new certificate default one
13. Go to Dropbox and place the new files there
No comments:
Post a Comment