Adding Certificates to Unraid
With this I had difficulties getting the certificate to work for 2 hours. This was not because it's a difficult process; it was because I was trying for 2 hours to use a user certificate for a server! As soon as I replaced this with a server one it worked the first time.
Step 1 The Certificate
OK, I am going to assume you have followed the guides until now, so you have a PFSense router, have created a CA, and have added that CA to Windows. You will also need a DNS server that you can add entries to, so that the right name resolves to your server. Head over to your PFSense router and, when you have logged in, go to System > Cert Manager, then click on Certificates (you can see I had a few). Scroll right down to the bottom and click Add.
The only critical things that you need to make sure of here are:
Method: Create an internal Certificate
Certificate Authority: select the CA you added to Windows in the last guide
Common Name: put the name you want to use for your tower, e.g. tower.domain.com
Certificate Type: it is very important you select SERVER. If you select user you will end up wasting 2 hours of your afternoon troubleshooting why Unraid won't work with your certificate.
Alternative Name: the first entry you will want to add is FQDN or Hostname, with the full name of your server, e.g. tower.domain.com. You then want to add another line with the IP of your server.
The rest you can fill in as you wish; just make sure the descriptive name means something to you. Hit save and you will be back at your certificate page. Now find the certificate you just created and click on the 2 symbols below.
Step 2 Adding the certificate to Unraid
For the next part, we need to get the certificate and key that you have downloaded onto your Unraid box's flash storage. This is done by sharing the flash storage briefly. Once you have logged into your Unraid tower, scroll down on the main screen to Boot Device and click on Flash.
Under SMB Access, select the user you want to give access to and then click Apply. Now navigate to your tower using your file browser and go to the location below.
flash/config/ssl/certs
Now I'm going to assume that you are currently not using SSL on your tower; that should make this process easier. If there is anything in here, delete it, as it's not needed. After you have done this, copy in the key and crt files you downloaded from your PFSense router. Now head back to the web UI for your tower, open up a terminal window and enter the command below, replacing tower with the name of your Unraid box and server.crt and server.key with the names of your cert and key files.
cat /boot/config/ssl/certs/server.crt /boot/config/ssl/certs/server.key > /boot/config/ssl/certs/tower_unraid_bundle.pem
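The mistake described above (a user certificate where a server one is needed) can be caught before the bundle is built. The script below is an added example, not part of the original guide: it checks the Certificate Type, the Alternative Name entries and that the key belongs to the certificate, then runs the same cat. The function names check_server_cert and build_bundle are made up for this example, and it assumes the openssl command is available in the terminal.

```shell
#!/bin/bash
# Added example (not from the original guide). check_server_cert and
# build_bundle are hypothetical helper names; openssl must be on PATH.

check_server_cert() {   # usage: check_server_cert CERT KEY FQDN [IP]
    local cert="$1" key="$2" fqdn="$3" ip="${4:-}" text
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "FAIL: cannot parse $cert" >&2; return 1; }

    # 1. Certificate Type: a "user" certificate carries client auth only.
    if ! printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication'; then
        echo "FAIL: no server auth in Extended Key Usage (user certificate?)" >&2
        return 1
    fi
    # 2. Alternative Name: the FQDN typed into the browser must be covered.
    if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" | grep -q 'does match'; then
        echo "FAIL: $fqdn is not covered by the certificate" >&2
        return 1
    fi
    # 3. Alternative Name: the server IP, if one was given.
    if [ -n "$ip" ] &&
       ! openssl x509 -in "$cert" -noout -checkip "$ip" | grep -q 'does match'; then
        echo "FAIL: $ip is not covered by the certificate" >&2
        return 1
    fi
    # 4. The key file must be the private half of the certificate's public key.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "FAIL: $key does not belong to $cert" >&2
        return 1
    fi
    echo "OK: server certificate for $fqdn, key matches"
}

build_bundle() {        # usage: build_bundle CERT KEY FQDN BUNDLE [IP]
    # Only write the bundle when every check passes.
    check_server_cert "$1" "$2" "$3" "${5:-}" || return 1
    cat "$1" "$2" > "$4"
}

# When saved as a script: ./script CERT KEY FQDN BUNDLE [IP]
if [ "$#" -ge 4 ]; then build_bundle "$@"; fi
```

Saved as a script, it takes the same crt and key paths as the command above, followed by the FQDN, the bundle path and optionally the server IP.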
Step 3 Enabling SSL
Now, before the next part, you need to make sure that the FQDN you put into your certificate earlier resolves to your server. If it does not, make sure you add the appropriate DNS entry.
When you have made sure this entry is working, open up the Unraid web UI, then click on Settings and Identification.
Find the Use SSL/TLS: setting and select Yes. This will make Unraid use your SSL cert.
Restart the server and then browse to the FQDN you entered, and voila: communication between your computer and the server is now encrypted with your own SSL cert.