With DSM version 4.2-3202 certificate management has been added:

Certificate Management

Certificate management allows you to create a self-signed certificate or a certificate request, or import certificates to DSM for encrypted services, such as web (HTTPS), FTP, RADIUS server, and mail services. You can view info regarding your server certificate, including expiration date, issuer, and subject (common name) in Control Panel > DSM Settings.

Obviously VPN services are not supported, so I describe the easy configuration for the HTTP web service only; if anybody knows how to reuse these certificates for the VPN service, please let me know.

Creating a self signed certificate is easy and not command line driven.

2013-06-04_1827

 

Add your Subject Alternative Names (SAN) when needed, finally export certificates and keys:

 

2013-06-04_1834

 

The following files are exported:

 

 

2013-06-04_1839

Login to your Synology NAS and find the following files:

-r——– 1 root root 1679 Jun 4 17:27 /usr/syno/etc/ssl/ssl.key/ca.key
-r——– 1 root root 1679 Jun 4 18:28 /usr/syno/etc/ssl/ssl.key/server.key
-r——– 1 root root 1452 Jun 4 17:27 /usr/syno/etc/ssl/ssl.crt/ca.crt
-r——– 1 root root 1476 Jun 4 17:28 /usr/syno/etc/ssl/ssl.crt/server.crt