If this document does not correspond to your current software version, you can go to Download Center to find other available document versions.


QTS 5.0.x

Download (PDF)

Replacing the Server Certificate


The NAS supports only X.509 PEM certificates and private keys. Uploading an invalid security certificate may prevent you from logging in to the NAS through SSL. To resolve the issue, you must restore the default security certificate and private key.

  1. Go to Control Panel > System > Security > SSL Certificate & Private Key.
  2. Go to Server Certificate.
  3. Click Replace Certificate.

    The Replace Certificate window appears.

  4. Select an option.



    Import certificate

    This option allows you to import an SSL certificate and private key from your computer.

    Get from Let's Encrypt

    This option uses the Let's Encrypt service to validate and issue a certificate for your specified domain.


    QNAP recommends you use port 80 or 443 for authorizing the SSL certificate domain and accessing the Internet.

    Create self-signed certificate

    This option allows you to create a self-signed certificate.

  5. Click Next.

    A configuration window appears.

  6. Perform any of the following actions:


    User Action

    Import certificate

    1. Click Browse to upload a valid certificate.

    2. Click Browse to upload a valid private key.

    3. Click Browse to upload an intermediate certificate.

    Get from Let's Encrypt

    1. Specify a domain name containing a maximum of 63 ASCII characters, without spaces.

    2. Specify a valid email address.

    3. Specify an alternative name.


      Use "," to separate multiple aliases.

      Example: 123.web.com,789.web.com

    Create self-signed certificate

    Configure the following information:

    • Private key length

    • Common name

    • Email

    • Country

    • State/Province/Region

    • City

    • Organization

    • Department

  7. Click Apply.