@malmeloo
Last active April 3, 2023 20:54
SSL Certificate information for DSM 7

Fullchain certificates on my NAS

/usr/syno/etc/certificate/system/default/fullchain.pem
/usr/syno/etc/certificate/smbftpd/ftpd/fullchain.pem
/usr/syno/etc/certificate/_archive/QIHwyu/fullchain.pem
/usr/syno/etc/certificate/ReverseProxy/449539a7-191b-4e75-abc8-05e81abbece5/fullchain.pem
/usr/local/etc/certificate/SynologyDrive/SynologyDrive/fullchain.pem
/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/fullchain.pem
/usr/local/etc/certificate/ReplicationService/snapshot_receiver/fullchain.pem
/usr/local/etc/certificate/LogCenter/pkg-LogCenter/fullchain.pem

Certificates overview

Default certificate ID: stored in /usr/syno/etc/certificate/_archive/DEFAULT

Info is stored in /usr/syno/etc/certificate/_archive/INFO. Example entry:

{
   "QIHwyu" : {
      "desc" : "",
      "services" : [
         ...
         {
            "display_name" : "DSM Desktop Service",
            "display_name_i18n" : "common:web_desktop",
            "isPkg" : false,
            "multiple_cert" : true,
            "owner" : "root",
            "service" : "default",
            "subscriber" : "system",
            "user_setable" : true
         },
         ...
      ],
      "user_deletable" : true
   }
}

Similar data can be found in /usr/syno/etc/certificate/_archive/SERVICES, but this simply lists all available services and not necessarily the linked certificates.

Note that /usr/syno/etc/certificate/_archive/{CERT_ID}/{cert,chain,fullchain,privkey}.pem always contains a copy of every certificate.

The file owner / group of each of the certificate files should be the name specified in the owner field.

Getting service certificate path from overview

Base path: /usr/{type}/etc/certificate/{subscriber}/{service}/

  • {type} -> local if isPkg = true, else syno
  • {subscriber} / {service} -> simply copy from overview

See first section (certificates on my NAS) for examples.
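
The path rule above applied to a parsed INFO file, as an added example that is not part of the original gist. The function names, the second service entry in the sample, and the expectation that each service copy of fullchain.pem is byte-identical to the _archive copy are assumptions for illustration.

```python
import hashlib
import json
from pathlib import Path

ARCHIVE = "usr/syno/etc/certificate/_archive"

# Constructed sample in the shape of the INFO entry above. The first service is
# the gist's example; the second entry's field values are assumptions.
SAMPLE_INFO = json.loads("""
{"QIHwyu": {"desc": "", "user_deletable": true, "services": [
  {"isPkg": false, "owner": "root", "service": "default", "subscriber": "system"},
  {"isPkg": true, "owner": "SynologyDrive", "service": "SynologyDrive",
   "subscriber": "SynologyDrive"}]}}
""")


def service_dir(svc):
    """Base path rule: /usr/{type}/etc/certificate/{subscriber}/{service}"""
    kind = "local" if svc["isPkg"] else "syno"
    return f"/usr/{kind}/etc/certificate/{svc['subscriber']}/{svc['service']}"


def service_dirs(info):
    """Map each certificate ID to the directories of the services linked to it."""
    return {cid: [service_dir(s) for s in entry["services"]]
            for cid, entry in info.items()}


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def stale_copies(info, root="/"):
    """List service dirs whose fullchain.pem is missing or differs from the
    _archive/{CERT_ID} copy. `root` lets the check run against a mounted image."""
    root, stale = Path(root), []
    for cid, dirs in service_dirs(info).items():
        want = sha256(root / ARCHIVE / cid / "fullchain.pem")
        for d in dirs:
            copy = root / d.lstrip("/") / "fullchain.pem"
            if not copy.is_file() or sha256(copy) != want:
                stale.append(d)
    return stale


if __name__ == "__main__":
    for cert_id, dirs in service_dirs(SAMPLE_INFO).items():
        print(cert_id, *dirs, sep="\n  ")
```

On the NAS itself, load the real INFO file with json.load and pass it to stale_copies to spot services still serving an old certificate after a renewal.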

Individual certificate info

Given a base path, {path}/info contains information about a specific certificate for that service. Example from /usr/local/etc/certificate/SynologyDrive/SynologyDrive/info on my system:

{
   "certs":[
      {
         "cert": "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/cert.pem",
         "chain":"/usr/local/etc/certificate/SynologyDrive/SynologyDrive/fullchain.pem",
         "key":"/usr/local/etc/certificate/SynologyDrive/SynologyDrive/privkey.pem"
      }
   ],
   "service":"SynologyDrive",
   "subscriber":"SynologyDrive"
}

Applying changes to certificates

Coming soon™
