DSM 7.0 External Server Certificate not trusted while using synology.me

Hello!

I am trying to set up a remote Linux server as an ABB client for my home DS920+ which is behind a unifi router.

What I've done so far:
  • Set up synology.me DDNS with the Let's Encrypt certificate option
  • Set the DDNS cert as the default for ABB
  • Set a port forwarding rule on my router to route *servers static IP*:5510 to the local NAS IP on the same port
  • Set up the Linux ABB client

When I try to connect with abb-cli from the Linux server I get the "The SSL certificate of the Synology NAS is not trusted. To learn how to obtain a valid certificate, ..." message even though I'm using example.synology.me as the server address and the NAS is using the DDNS cert for ABB.

This is how I imagine the connection to be:
*servers static IP* --> server address: example.synology.me --> Resolves to the unifi router IP --> 5510 port forwarding --> NAS

If I ignore the warning it still works, but I wanted to know why that untrusted cert error shows up? Shouldn't it be valid?

Does the ABB client check the certificate on a different port?

Thank you very much!
 
Provided that the client's server name is covered by the SSL certificate then there shouldn't be that alert. The alert is warning that the server name it requested is being encrypted using a certificate that it verify ... and do you want to continue.

When you tell the client to trust the certificate this time that trust will continue until the certificate is renewed or replaced. If the updated certificate still cannot be verified then the client will silently stop backing up until you edit the connection and again tell the client to trust the connection.

Been there, done it and fixed the certificate problem.

You may want to check in Control Panel / Security and see if the right certificate is being used for the ABB server. There's a second ABB service that covers the ABB web portal and it can have the same or a different certificate, though the client assumes you'll be using the same server name to access the portal.
 
Thank you for your response!

I have made sure that the certificate used for ABB is the example.synology.me cert via the setting in Control Panel / Security, which is also the server address I enter on the client. I couldn't find a separate setting to choose a certificate for the ABB portal though.

I found a log file at "/opt/Synology/ActiveBackupforBusiness/data/log/log.txt" on the client and these errors seem to be the reason why it's not working:
Code:
[ERROR] channel.cpp (721): Failed to verify certificate (20): 'unable to get local issuer certificate'
[ERROR] protocol-client.cpp (283): Convert to SSL channel failed. (code: -24)
[ERROR] protocol-client.cpp (324): Failed to send protocol. (code: -24)
[ERROR] auth-handler.cpp (463): Failed to send request
[ERROR] auth-handler.cpp (61): handleAuthByPassword: query_server_info failed

I tried accessing the web server on my NAS via port 443 like this:
curl https://example.synology.me/

And it uses the correct example.synology.me certificate so curl is able to establish a connection.

I will try to find out what 'unable to get local issuer certificate' means and report back if I've found a solution.
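
Added example (not part of the thread, and not a diagnosis of this NAS): OpenSSL verify error 20, the code in the log above, reproduced offline with a constructed root -> intermediate -> leaf chain. The verifier trusts only the root, and `-untrusted` stands in for an intermediate the server would send in the handshake; the CA names and file names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo chain: Demo Root -> Demo Intermediate -> example.synology.me.
# Every key and certificate is generated locally; nothing here comes from the NAS.

new_csr() {  # $1 = dir, $2 = file stem, $3 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Builds root.pem (self-signed, the only trusted cert), int.pem (signed by the
# root) and leaf.pem (signed by the intermediate) in the empty directory $1.
make_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  printf 'subjectAltName=DNS:example.synology.me\n' > "$1/leaf.ext"
  new_csr "$1" root "Demo Root" &&
  new_csr "$1" int "Demo Intermediate" &&
  new_csr "$1" leaf "example.synology.me" &&
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 2 \
    -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 2 -extfile "$1/leaf.ext" -out "$1/leaf.pem" 2>/dev/null
}

# Verifies leaf.pem against the root only.
# $2 = file of intermediates "sent by the server", or empty for leaf-only.
verify_chain() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
  fi
}

d=$(mktemp -d) && make_chain "$d" || exit 1
echo "--- verifier sees the leaf only:"
verify_chain "$d" "" || true      # fails: issuer of the leaf is not available
echo "--- verifier sees leaf + intermediate:"
verify_chain "$d" "$d/int.pem"    # chain builds up to the trusted root
rm -rf "$d"
```

The leaf is identical in both runs; only the availability of its issuer to the verifier changes the result.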
 
