Doesn't work with Synology nginx as it doesn't have a name

[rightsaidfred99]

Environment

• Operating system (including version): macOS
• mkcert version (from mkcert -version): 1.4.4
• Server (where the certificate is loaded): Synology
• Client (e.g. browser, CLI tool, or script): Synology

What you did

I can import the certificates into Synology's nginx UI. It loads okay

What went wrong

The problem occurs as the certificate generated doesn't have a name. so you can add domains and subdomains with Synology's UI. I propose that it just ads a title/name to the certificate.

[rightsaidfred99]

Sorry, by title - I mean "Issued To" field which Synology requires.

[android10]

@rightsaidfred99 I'm interested in this one. Where can you see Synology requirements? Maybe with that in mind we can contribute with a PR here.

[elexx]

I was not able to find any official certificate requirements by Synology, but I noticed the subject CommonName was not set by mkcert. After setting a CN, Synology accepts the generated certificates. I just pushed an PR to add this.

[elexx]

This problem seems btw very similar to #47 where iOS would not accept the rootCA if CN was not set.

[pzmarzly]

I found that once you have rootCA.pem and rootCA-key.pem generated by mkcert, you can use these commands to generate the certificate that can be used by DSM (Synology OS)

cat > synologynas.local.v3.ext <<-EOF
[ v3_ca ]
subjectAltName = DNS:synologynas.local
EOF

openssl req -new -nodes -keyout synologynas.local.key -out synologynas.local.csr -days 3650 -subj "/CN=synologynas.local"

openssl x509 -req -days 3650 -sha256 -in synologynas.local.csr -CA rootCA.pem -CAkey rootCA-key.pem -CAcreateserial -out synologynas.local.crt -extensions v3_ca -extfile synologynas.local.v3.ext