synology ssl certificate not trusted

• Home
• Themes
• Blog
• Location
• About
• Contact

---

What am I missing? Great tutorial. How you add a CNAME can be different and depends if you’re using a control panel or not, what OS, etc. However, I am confused on how to accomplish this. whenever I try to access additional ports on the diskstation (audiostation, etc) it gives me the ssl error. Again I’ve not used the other site so I really can’t comment on their support or process. Installed Synology DiskStation Manager (DSM, the web-based operating system of Synology NAS) Refer to the Quick Installation Guide included with your Synology NAS for more information about hardware and software installation. The more you can lock down the NAS the better. Mike… thanks for that now famous tutorial. Log into your Synology and navigate to Control Panel > Security > Certificate and click on “. So if you don’t already have a webhost, check out BlueHost. The TTL problem is something which is for example not indicated in your tutorial even though it may seem obvious. For me I’ll be using a subdomain attached to my domain name for example: subdomain.miketabor.com. The CNAME will allow you to direct that name to your Synology DDNS service and thus to your Synology box. 4. Most browser security errors have now disappeared. That’s great, I’m all set then! It’s nice to see that it’s possible to find information in the internet that are clearly presented and correct. I really appreciate you taking the time to provide this for everyone. Secure your synology with https/ SSL certificate from Let’s Encrypt. When setting up secure Intranets, it is often necessary to configure the servers with SSL certificates that have not been issued by a trusted certification authority. Any suggestions? How long has it been since you’ve created the CNAME? 1. You should get a commission from Namecheap and Synology! First try going to https://subdomain.domain.com:5001 (5001 is the default DSM https port) if that doesn’t work then I’m willing to bet the router port forwarding hasn’t been configured and if that’s the case you’ll need to do that as well. I followed you instructions (Namecheap and all) but I did need the help from all the comments and your responses to them. I didn’t have mailserver and mailstation configured at that point. It works now. Thus the reason for using a subdomain. – At the end, I wanted to use synology’s firewall to block ports I was not using, but it created problems, so I didn’t touch it. The default certificate supplied works, but gives an exception in the browser: There is a problem with this websites security certificate. I followed it the same way as you mentioned, and everything worked, but when I ran the test here https://www.ssllabs.com/ssltest/ it said that one of the intermediate certs was an “additional download” (which isn’t preferred). Two questions though: – to access the nas now, I need to type: https://syno.mydomain.com:11111 Is there a way I can just type syno.mydomain.com and the https and port come automatically? I’m a little new at this. SSL Server Certificate: server.pem 3. Hello, i see in the namecheap website it says that a dedicated IP is required… any comments, i do not have a dedicated… i do have a domain dns with Dyn that point to my synology…. Synology Cloud Station Ssl Certificate Not Trusted New technologies are evolving at breakneck speed, continuously changing services and work processes. In DSM 6.0 -> Control Panel -> Security -> Certificate, Click “Add” to start the process and choose “Create self-signed certificate”. This hasn’t anything to do with what port your Synology NAS is listening on. And it works like a charm. I have a DS412+ and installed a Third Party Cert and when i accesshttp://nas.mydomain.com, it gets redirected to https and the certificate works fine. I can set this ssl up on the domain at my host- should I do this as well- or do I need to do this as well? Now that makes sense. You can download this certificate on your webserver as per the instructions mentioned in the URL. I think your comment about how the steps was different using another SSL cert type (StartSSL) goes back to being a prime example as to why it’s hard for me to list detailed instructions about adding a CNAME. It sounds like the DNS hasn’t updated yet if you’re getting a not found error when you try to go to sub.mydomain.com. I’ve set up a CNAME that points to my synology box which actually connects but throws up the error. Enjoy! Keep up the good work! Thanks Michael for your great tutorial!! Under "Enable full trust for root certificates," turn on trust for the certificate. I primarily use Firefox and have not had any issues with SSL cert errors. I got the last screen you got but I still have red mark on my “https” which is still unsecure! 3. Transfer Domains Migrate Hosting Migrate WordPress Migrate Email. If you want to restrict access to certain IP’s or geo-locations you could probably setup a firewall rule either on the NAS itself, see this post for some synology firewall rules, or depending on what firewall you’re using at the home/office you could setup rules there too. By the looks of their FAQ https://www.namecheap.com/support/knowledgebase/category.aspx/11/dynamic-dns they do support DDNS. Go back to your Synology and navigate to Control Panel > Security > Certificate and click on “. I then redid the steps above. Why? Not sure if you had to go through any of this, but just wanted to mention it! Flo, Pingback: Securing your Synology NAS, Part 2 - Mike TaborMike Tabor. In a nut shell you should have an option to enable port forwarding in your router. Help appreciated. My UPS…, Enable automatic door locking via Forscan on Ford vehicles, Having Windows 10 Pro gives access to Hyper-V as a virtualisation platform. Works perfectly selecting that crt file as intermediate. It seems that it was a format problem within the files. No instructions provided and I don’t have any idea what this means. I probably did something else in the meantime. Some googling and it was figured out that you can copy-paste the text from the two intermediate certs and save them into notepad/save-as *.PEM, choose that when selecting intermediate cert in the synology screen, and now when I run the test, everything is happy. Be sure to read my other blog post that further details how to secure the Synology NAS even further – https://miketabor.com/securing-synology-nas/. I received two files from namecheap: a .crt file and a .ca-bundle file. That said make sure your certificate files are in the UTF-8 format and that you have —–BEGIN CERTIFICATE REQUEST—– (at the top) and the —–END CERTIFICATE REQUEST—– (at the bottom) in the file. Login. Your email address will not be published. I did everything you said, but im stuck at ” add a CNAME DNS forward from your domain (or subdomain if you wish to go that route) to your DDNS service.” I have a forward from my cpanel to my subdomain. No. There is no catch. Somehow I still cant get it up and running completely. That’s it! After I have done all this, can I take my synology off the internet again? In case something goes wrong, Synology has supplied an easy way to, not restore, but create a set of new and working certificates. I own my domain and got the sll, just can’t figure out the process in between. It does mean that now accessing your Synology Diskstation over the local network will throw up a selection of security warnings.