HOWTO: Custom/signed SSL certificates in P5 version 6
Posted by Andre Kuehnemund, Last modified by Andre Kuehnemund on 30 January 2020 17:48
Starting with V6 P5 supports SSL for P5 Web GUI connections only. We do NOT (yet) support SSL for client/b2go connections.|
We provide our own self-signed certificate in order to enable SSL connections, but in many cases this may be unacceptable.
The self-signed certificate is located here: 'servers/lexxsrv/modules/nsssl/server.pem'.
There is a way to override the self-signed certificate. It is very simple: one needs to supply a PEM file (see https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) containing BOTH the certificate and the private key, That file must be created and saved in 'config/lexxsrv.pem'. The file itself is a plain text file containing two sections:
Both Synology and QNAP (and possibly others) include the ability to obtain free, officially signed SSL certificates from Let's Encrypt (https://letsencrypt.org/). When you obtain such a certificate, you'll find that it comes with 4 files: cert.pem, chain.pem, fullchain.pem & privkey.pem.
Any one of the first three certificate files can be used. You're also going to need the private key file (privkey.pem).
Step one would be to copy the certificate file to be used and the private key file into the P5 subfolder 'config'.
Next, you would need to concatenate the above two files into a single new file - with the certificate file coming first, then a line feed, then the private key file - like so: