The Thecus N7510 is a cheap NAS that used to be popular for its large amount of disks (7) while still being as cheap as (or even cheaper than) most 4-disks NAS.
It is powered by Thecus OS, but sadly it seems that its version of Thecus OS isn’t maintained very actively anymore. Particularly, the SSL/TLS certificate used for FTP over TLS expired about a month ago. Which is pretty annoying, because FileZilla refuses to let you permanently ignore a certificate expiration alert (for stupid reasons, but this isn’t the first time the FileZilla developers provide poor explanations for equally poor choices – we can only live with that).
So the only option I had left was to try to upgrade the NAS’s certificate by myself. Gladly, this turned out fairly easy, as I wrote a guide before on how to create your own self-signed certificate. So the only new (and minor) difficulty was to find where the current SSL/TLS certificate of the N7510 is. I quickly found that it’s named /etc/ssl/private/pure-ftpd.pem, which contains both the server private key and the signed certificate (something very slightly different from my previous guide: you just need to stash 2 files into one .pem file).
If they’re not already enabled, you need to enable SSH and SFTP from the ThecusOS control panel (the SSH & SFTP toggles are in Network Service > SSH)
Once this is done, here are the commands I used (cf the linked guide if you need more details) to generate the certificate:
cd /etc/ssl/private openssl genrsa -des3 -out servPriv.key 4096 openssl req -new -key servPriv.key -out servRequest.csr cp servPriv.key servPriv.key-passwd openssl rsa -in servPriv.key-passwd -out servPriv.key openssl x509 -req -days 3650 -in servRequest.csr -signkey servPriv.key -out signedStartSSL.crt
At this stage, you have everything you need excepted the “stashed” pem file.
At first, I tried to use nano to create it, but the Thecus N7510 doesn’t have nano 😡 So, I connected via SFTP (with FileZilla) as root (that’s why I told you to enable SFTP along with SSH earlier). Then I grabbed servPriv.key and signedStartSSL.crt, and put them both into a single text file (not sure if the order matters) name newcert.pem.
Just for the sake of clarity, newcert.pem looks like:
-----BEGIN RSA PRIVATE KEY----- [base64 stuff] -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- [more base64 stuff] -----END CERTIFICATE-----
Finally, I uploaded newcert.pem into /etc/ssl/private, renamed pure-ftpd.pem to pure-ftpd.pem.bak, and renamed newcert.pem to pure-ftpd.pem.
All is now ready, the last thing you need to do is to restart the FTP server. The easiest way to do it is to disable then re-enable it via the ThecusOS control panel (Network Service > FTP).
Now, when you connect with FileZilla to the FTP server, you’ll see your new, non-expired, certificate, and will be able to trust it permanently (that is, until it expires in about 10 years).
Thanks for the information, very helpful.
In your post however you write …until it expires in about 10 years
While you generate the new certificate for 365 days, which is about 1 year. 😉
Oops, right, I forgot a zero ^^ Fixed 🙂
PS to combine the two seperate files, you could use:
cat servPriv.key signedStartSSL.crt>pure-ftpd.pem
Create a backup of the old pure-ftpd.pem file first, if you want to save it.
Thanks for this, very helpful. Works on the N4350 as well. I won’t be bothered anymore about the certificate expired popups! 🙂
Good to know, thanks!
For your information btw, my Thecus N7510 “kind of” died about a year ago. The computer part still works, but the mechanical part not so much: the HD bays don’t lock anymore, once I eject a disk I can’t put it back. Yikes. The drives outlived the NAS (well, almost all of them)