
Installing your SSL certificates on the D-Link DNS-320L file storage

Some time ago (before the crisis prices) I bought a D-Link 320L file storage for as much as 2,990 rubles (looking at today's prices, I just want to cry). Recently I wanted to set up WebDAV on it, with access from the outside.

I forwarded port 443 on the router to the file storage, created a new share, and ticked the WebDAV checkboxes. I tried to connect: with the FAR plugins everything is fine, but Windows will not mount it as a network drive because it complains about the certificates. It refuses to connect, and I have no desire to install third-party add-ons.

The decision: get a free SSL certificate (I believe I got mine for my domain from StartSSL). I downloaded the files and the private key and, looking pleased with myself, went into the admin panel to upload the certificates, but no! There is no such option there. So I decided to start digging.

The steps are:
1) Flash the firmware with Addons support from the official site (today it is 1.08b08)
2) Install the Addons from the site: OpenSSH, MC, vtCron
3) Find where the certificates are and replace them.

Having connected over SSH and run “ps ax”, I saw that lighttpd serves the web interface. I dug up its config, which showed that the certificates (both the public and the private key) are in a single file, /etc/certificate_https_all.pem. I deleted the old file, saved the new one (the order is as follows: the public key goes first, the private key goes second), and restarted lighttpd. Everything was fine and the certificates were picked up, but after a reboot it was all gone: everything in /etc is kept only until the next reboot, and then it starts all over again. So I decided to keep the file with the certificates on the hard disk (in my case, /mnt/HD_a4/script/cert.pem) and write a script that replaces the certificate file and restarts the web server.

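```sh
#!/bin/sh
# /etc is reset on reboot, so the semaphore file disappears with it.
if [ ! -e /etc/sslupdate ]; then
    # Create the semaphore so that later cron runs do nothing.
    touch /etc/sslupdate
    # Put the saved certificate and key file back in place.
    cp /mnt/HD_a4/script/cert.pem /etc/certificate_https_all.pem
    # Stop the running lighttpd processes.
    ps ax | grep lightt | grep -v grep | awk '{ system ("kill " $1) }'
    # Start the web server again.
    /usr/sbin/lighttpd-angel -D -m /usr/lighty_lib -f /etc/lighttpd/lighttpd.conf &
fi
```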

The /etc/sslupdate file is used as a semaphore that records whether the script has already run since the last reboot. At startup, the script checks whether the semaphore exists. If it exists, the script exits. If there is no semaphore, the script performs the following actions:


For the script to run, go to the vtCron management page in the web interface and schedule the script there to run once every five minutes (*/5 * * * *).

Reboot the storage, and everything works.
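The cp step in the script above installs whatever is in cert.pem, so a truncated or mis-ordered file would be copied over the working one. The following is an added example, not the author's script: it checks that the file holds a complete certificate block followed by a complete private-key block (the order described above) before replacing the live file. The function names, the temp-file naming and the placeholder PEM bodies are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the author's script. Structural check only: it does not
# prove that the key belongs to the certificate.

# check_pem_bundle FILE: succeeds if FILE has one or more complete CERTIFICATE
# blocks first and exactly one complete PRIVATE KEY block after them.
check_pem_bundle() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { sub(/\r$/, "") }   # tolerate CRLF files saved on Windows
        /^-----BEGIN CERTIFICATE-----/ { if (blk != "" || keys) bad = 1; blk = "c"; next }
        /^-----END CERTIFICATE-----/   { if (blk != "c") bad = 1; blk = ""; certs++; next }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { if (blk != "" || !certs) bad = 1; blk = "k"; next }
        /^-----END ([A-Z]+ )?PRIVATE KEY-----/   { if (blk != "k") bad = 1; blk = ""; keys++; next }
        blk != "" && $0 !~ "^[A-Za-z0-9+/=]+$" { bad = 1 }   # non-base64 line inside a block
        END { exit ((bad || blk != "" || certs < 1 || keys != 1) ? 1 : 0) }
    ' "$1"
}

# install_bundle SRC DST: replaces DST only when SRC passes the check. The copy
# goes to a temp file next to DST under umask 077 (the file holds the private
# key) and is then renamed, so DST is never left half-written.
install_bundle() {
    check_pem_bundle "$1" || { echo "refusing to install $1: bad bundle" >&2; return 1; }
    tmp="$2.new.$$"
    ( umask 077; cp "$1" "$tmp" ) && mv "$tmp" "$2"
}

# Constructed sample bundle with placeholder bodies (not a real certificate or key).
sample_bundle() {
    cat <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIENFUlQ=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEtFWQ==
-----END PRIVATE KEY-----
EOF
}
```

In the cron script, calling `install_bundle /mnt/HD_a4/script/cert.pem /etc/certificate_https_all.pem` in place of the cp line keeps the previous file when the check fails.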

Source: https://habr.com/ru/post/310202/

