SSL certificate installation (Let’s Encrypt)

Hi,
I have a My Cloud EX2 Ultra (v2.21.126) and would like to use it remotely.
For that I have my own domain connected with dyn dns. Additionally I would like to use HTTPS protocoll. So I got a ssl certificate from “Let’s Encrypt”-CA for my domain. Obviously the default wd2go.com-certificate will not work with my domain.
Now I have an open SSH session and the .pem-files, but don’t know how to install them on my WD-device.
The files are:

ca-…-crt.der
ca-…-crt.pem
domain-all.pfx
domain-chain.pem
domain-crt.der
domain-crt.pem
domain-csr.pem
domain-gen-csr.json
domain-gen-key.json
domain-key.pem
Registration
Signer

I have to say, that I’m not a ssl and linux pro, so maybe you could help me to install my own certificate or at least to tell me the commands I have to google for (openssl?). Is there anything special with a WD My Cloud device in this case?

Edit: The certificate is needed for WebDAV.

Thanks a lot!

Maas

Hi,

Let’s see if an experienced User can shed some light with us on this situation.

Hi,
I converted the “domain-cert.pem” to “domain-cert.crt” and the “domain-key.pem” to “domain-key.key” with openssl.
Also I found out that the default WD certificate is located at “\usr\local\config\server.crt” and “\var\www\rest-api\config\server.crt” (both locations includes “\server.key”).

The question is now if it’s enough to replace the “server.crt” and “server.key” files with my own certificate and key?

I would guess at the end the wd2go connection (including the WD-App) would get lost, but that would be OK for me, because I’m not interested to have WD-server as middle point. I want to have a direct connection to my NAS via my domain and dyn dns with standard protocolls (WebDAV). So I can integrate my NAS into my existing software environment without using any additional WD-software or WD-servers.

Maas

Ok, I tested just replacing the files and it worked for WebDAV.

  1. Save/Backup the following files located at “\usr\local\config”: certificate_https_all.pem | server.ca-bundle | server.crt | server.key

  2. Convert and rename your CA-files with openssl:
    domain-cert.pem → server.crt
    domain-key.pem → server.key
    openssl converting commands: http://stackoverflow.com/a/38408666

  3. Rename bundle file:
    domain-chain.pem → server.ca-bundle

  4. Combine:
    domain-key.pem + domain-crt.pem → certificate_https_all.pem

  5. Replace the 4 new files in “\usr\local\config”

As I said I’m not a ssl or linux pro, so I just tried it out and it works, but I can’t say how this change will affect on other features of My Cloud Firmware. SMB is working properly and the configuration/administration interface still uses the wd2go-certificate under https address. For me everything is fine so far.

Would be great if WD could implement this certificate setting as a feature, so that the people can use the NAS as a real (worldwide) and secure private cloud.

Maas

5 Likes

@Maas glad to see you figured this out. My problem is very similar to yours, but I’m stuck at the very beginning, getting LetsEncrypt / Certbot setup. Once that’s done I can follow what you did. Could you clarify how you did that? Thanks.