Synology your connection is not private
Ssl encryption on a synology | synology tutorials
I have the same problem any time I leave my home network and need to get something from my Synology NAS. Who is sniffing my network, and to whom will I be handing over my credentials in plain text via HTTP?
Of course, you can increase the security of your Synology account by using two-factor authentication or connecting to a (preferably private) VPN link first. Even then, the digital footprint of confidential data you leave behind isn’t worth it.
You might get a self-signed SSL/TLS certificate to solve this issue, but the process will take time and money. However, thanks to the good people at Let’s Encrypt, the whole process now takes 15 minutes and is completely free!
If you set your certificate’s “Subject Alternative Name” and want to protect the URL with the same certificate. Don’t forget to configure Reverse Proxy rules for that URL, as well as the proper certificate. As a result,
How to secure your synology dsm
Although some browsers, such as Firefox, allow you to add an exception to a website, even permanently, when you open it in Chrome, you’ll get the following error: (ERR CERT AUTHORITY INVALID) NET::ERR CERT AUTHORITY INVALID)
Create a self-signed certificate, export the SSL certificate to a shared folder, and install it as a trusted certificate on each PC that requires access to the website to solve this issue.
Unfortunately, Chrome does not accept Synology default self-signed certs because they are not created with the SAN extension. As a result, you’ll need to generate a new self-signed Synology certificate, set it as the NAS’s default, and then export it. The Help file on Synology contains detailed instructions, but they are brief.
The first dialog is used to build a root certificate, also known as a Certificate Authority (CA) certificate. Syno-ca-cert.pem will be used to export this certificate. The site certificate will be generated in the second dialog. The Common Name field in the second dialog is ignored by Chrome but used by Firefox and is needed for creating the cert, so set it to the Synology’s FQDN. The Subject Alternative Name field must fit the URL you use in Chrome, so you’ll probably want to use something like https://www.myIntranet.local or https://192.168.1.10 in your web browser to define the Synology IP address and FQDN.
Configure port forwarding to remotely access your synology
In this article, I’ll walk you through installing a trusted 3rd party SSL/TLS certificate on your Synology NAS system, as well as how to use it with Synology web services (websites/Owncloud). I’ll also demonstrate how to set up an HTTP -> HTTPS redirect in Owncloud 9 and DSM 6, with Apache 2.2. I won’t go into how to create a trusted third-party certificate; there are plenty of certificate providers and guidance on the internet.
Synology NAS comes with one self-signed certificate (you can build more if you want) that is used by default for Synology’s web enabled services (WebDav, Cloud Station, FTPS, and so on). It is not supported by a trusted third-party CA, but it may be sufficient for certain purposes among the people and networks you are familiar with.
Further, you must determine if you want your new certificate to be deployed for all Synology web enabled services (the default), or only for certain virtual hosts or all of them. This has a direct bearing on the type of certificate you will get. Are you going to get a wildcard certificate that covers all of your domain’s sub-sites at once, or are you going to get separate certificates for each of your domain’s hosts?
Configure https on synology nas using let’s encrypt
I work in the field of creation. A self-generated SSL certificate is used by some of our test equipment. When I try to browse to our lab’s equipment, I get an error message that says “this link is not private.” However, “Show info” and “Go Back” are the only two options available.
Note: If the problem persists after downloading the certificate, try editing in the keychain access app: Double-click the certificate you just installed to open it, extend “Trust,” and adjust “When using this certificate” to “Always Trust.” It should work if you close it and reload the tab.
@brinkdad, if the alert page keeps reloading, check the specifics of the certificate on the page, then open Keychain Access, find the certificate, and delete it. Reload the tab and try again to navigate the website. This should allow you to access the website by installing the correct certificate.
I tried every solution here and was still stuck in the endless loop that @brinkdad mentioned. I got it to work by opening Keychain Access, finding the certificate, right-clicking Get Data, expanding Trust, and changing the “When using this certificate” selection from “Custom” to “Always Trust.”