Monthly Archives: March 2013

Synology

Synology DiskStation and using a custom SSL certificate

The original post can be found here. For archiving purposes and quick access I have copied this to my blog.

Prepare your Synology DiskStation

openssl synology

  • At first you should generate a temporary work folder. For example /usr/local/ssl/ and cd to this location.

The generation of SSL-certificates is always in two steps. At first you have to generate a certificate authority key. Then you generate a server certificate out of the certificate authority key. The server certificate will be used when starting the webserver. The certificate authority key has to be installed on the client pc.

Generation of the certificate authority key

  1. During the key generation you have to enter a passphrase which you need later to generate the certificates. Generate the key ca.key with the following command (openssl is pre-installed on your synology):
    openssl genrsa -des3 -out ca.key 1024
  2. Generation of the key certificate:
    openssl req -new -key ca.key -out ca.csr
  3. Generation of the final certificate authority key (valid 10 years):
    openssl x509 -days 3650 -signkey ca.key -in ca.csr -req -out ca.crt

Generation of the server-certificate

    1. Generation of the key:
      openssl genrsa -out server.key 1024
    2. |Generation of the key certificate – most important is the Common Name. It is important that it matches your DNS-Name. Example: name.dyndns.org. You can also use wildcards like *.name.dyndns.org.
      openssl req -new -key server.key -out server.csr
    3. Generation of the server certificate:
      openssl x509 -days 3650 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -req -out server.crt

Installing the files

      1. Change into the Synology certificate folder:
        cd /usr/syno/etc/ssl
      2. Make a backup folder for the old files:
        mkdir bak
      3. Copy the old files into the backup folder:
        cp -r ssl.crt bak
        cp -r ssl.csr bak
        cp -r ssl.key bak
      4. Move the new files to the certificate folder:
        mv /usr/local/ssl/ca.crt ssl.crt
        mv /usr/local/ssl/server.crt ssl.crt
        mv /usr/local/ssl/ca.csr ssl.csr
        mv /usr/local/ssl/server.csr ssl.csr
        mv /usr/local/ssl/ca.key ssl.key
        mv /usr/local/ssl/server.key ssl.key
      5. The ca.crt has to be installed on the client workstations. For this we copy the file into the folder public.
        cp /usr/syno/etc/ssl/ssl.crt/ca.crt /volume1/public
      6. Restart your Synology Station

Installation of the certificate on the client workstation

Finally the certificate has to installed on the client workstations as a trusted certificate authority. Copy the file ca.crt to the client pc. Install it within windows explorer with rightclick -> install certificate.

Restoring certificates

In case something goes wrong, Synology has supplied an easy way to, not restore, but create a set of new and working certificates. This should restore the certificates if importing certificates from the web manager has failed. If you need a telnet or ssh client use PuTTY.

      • Login as root, using the admin users password, to the Synology NAS drive using telnet or ssh and type the following in the command prompt:
        cd /usr/syno/etc/ssl/
        ./mkcert.sh
      • Allow the script to finish, and type reboot in the prompt.
      • In a while the NAS drive should have rebooted, and everything should be fine again.
Share
Synology

Subversion installation on your Synology DiskStation

subversionOn the SynologyWiki is an excellent article about installing Subversion on to your synology diskstation. Is is a step by step guide describing all the details for installing subversion on your diskstation.

Integrate Subversion and Visual Studio

You can also integrate SVN with your visual studio environment (almost like TFS). With the software from ankhSVN, for example, you can perfectly integrate SVN and Visual Studio (2008).

Use the Options window to configure the ankhSVN plugin:
image001
The file “app.config” is checked out; other files are also under version control

image002

View all of your pending changes.
image003

All other regular source control options, like banching and merging, labeling, shelving etcetera are all available.

Share

SoapUI Exception: Address already in use: connect

Load testing with SoapUI

soapUI_header_logoWhen load testing with SoapUI this exceptions, SOAP UI Exception: java.net.BindException: Address already in use: connect, may occur on a windows based system. It typically is thrown when testing a service with a lot of request in a short amount of time.

To prevent this exception from being thrown you can change the TcpIp parameters in the windows registry:

Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters
Add a new DWORD key with the name “MaxUserPort” and a decimal value of 65534.

See also here

Share