Not Secured Connection on Local LAN?

NAS: DS218+; Operating system: Windows; Mobile operating system: iOS
I find it absurd and idiotic that I get "This is not a secure connection" when attempting to connect to devices on my own local area network from within the network itself, while at home. And I would hate to think I have to now add a layer of "local certificates" in order to get rid of these annoying and unnecessary messages and go on about my business. I get these moronic messages when connecting to my two NASs but I can click to get through to my NASs anyway. How do I get rid of these messages?
 
It's the client device/application telling you this. In web browsers it usually means accepting an exception that it will then treat the SSL certificate as valid for that website.

Web browsers and other client apps have become very vocal about this in the last few years.
 
Upvote 0
Especially due to the fact that Internet CA approved SSL certs can be obtained for free nowadays.
See this article for more info.
I think I understand what you are saying. But I don't see why I need a certificate to access an IP address on my own network, from within the network itself. I am not using a host or domain name, just the IP address. I am not outside the network. I am on the same network via ethernet.
-- post merged: --

Especially due to the fact that Internet CA approved SSL certs can be obtained for free nowadays.
See this article for more info.
You can't be serious about needing an SSL certificate to access my own home network, from home, via ethernet within the network itself. That can't be right. I don't think you understand what I am saying.
 
Upvote 0
You can't be serious about needing an SSL certificate to access my own home network, from home, via ethernet within the network itself. That can't be right. I don't think you understand what I am saying.
Well then don't use HTTPS connections (which obviously require an SSL certificate whether you like it or not...) because you apparently don't know what you are doing or understand why browsers can give these warnings...

But beware, there might be a day in the future when browsers give a warning by default when connecting insecurely over HTTP.
 
Upvote 0
Well then don't use HTTPS connections (which obviously require an SSL certificate whether you like it or not...) because you apparently don't know what you are doing or understand why browsers can give these warnings...

But beware, there might be a day in the future when browsers give a warning by default when connecting insecurely over HTTP.
Thanks for your response. I now feel like I wish I had not posted the question at all. And going forward I may not ask any more. It's great that you know what you know. And the purpose of a forum is to share information, not to remark on people's lack of knowledge. I have built my own computers, am a federally licensed ham operator, worked in hospitals doing their financial spreadsheets and served a decade in the military. I am no dummy. But you would respond to the effect that I am. I hope you feel proud of yourself knowing so much and then insulting people for not knowing what you know. Sharing your knowledge would have been so much more helpful. I will look elsewhere for the information I need.
 
Upvote 0
Well then don't use HTTPS connections (which obviously require an SSL certificate whether you like it or not...) because you apparently don't know what you are doing or understand why browsers can give these warnings...

But beware, there might be a day in the future when browsers give a warning by default when connecting insecurely over HTTP.
Can you please help me and tell me how to do that SSL certification, as I have the very same problem and difficulty as @Joseb?
Thank you.
 
Upvote 0
Can you please help me and tell me how to do that SSL certification, as I have the very same problem and difficulty as @Joseb?
Thank you.
But if you want a wildcard cert for your own domain, you could also try: Let's Encrypt + Docker = wildcard certs.

Sharing your knowledge would have been so much more helpful. I will look elsewhere for the information I need.
The bit of information you asked for was already provided to you below. I merely responded to @fredbert to add in why web browsers are becoming so vocal about improperly secured connections.
In web browsers it usually means accepting an exception that it will then treat the SSL certificate as valid for that website.

Web browsers and other client apps have become very vocal about this in the last few years.
If you don't accept this answer, then I'm not sure what else you are looking for. Also I'm not sure why you responded to me in the first place. I'm not a web browser developer, but this is just the way the browsers and other client apps (like CalDAV/CardDAV syncers) work. :)
 
Upvote 0
I find it absurd and idiotic that I get "This is not a secure connection" when attempting to connect to devices on my own local area network from within the network itself, while at home. And I would hate to think I have to now add a layer of "local certificates" in order to get rid of these annoying and unnecessary messages and go on about my business. I get these moronic messages when connecting to my two NASs but I can click to get through to my NASs anyway. How do I get rid of these messages?
Your situation seems like it should be simple and that the security mechanisms are being overly pedantic. But when looking at the general case, where RFC1918 addressing is used for private subnets, there is no guarantee that 'local' IP addresses are used by benign 'local' devices.

It's not always the case that RFC1918 addresses are used for truly local devices and you can't even be certain that RFC1918 addresses on the same subnet are for local devices. For instance, VPN'ed devices, double-NAT'ing (source and destination IPs are NAT'ed to local IPs), or just extended private networks can all have RFC1918 addressing... should you trust all of those just because they use RFC1918 addresses? No. The safest approach for a server is to assume all client devices are hostile, until proved otherwise, and afford them the same level of trust (or distrust).

If you're going to access the server using the LAN IP then the default will be that the SSL certificate will not cover IP addresses and you'll get an error which you'll have to accept in the browser. Once accepted, the exception will remain in the browser for that IP/certificate.

Ultimately it is down to you to make the decision to accept an exception and not the browser to assume it'll be ok. This way you're aware of this lower level of security, though for many this will merely confuse and/or annoy them because it's not fully apparent why it is necessary to be so stubborn.


You could use HTTP for local IP device access and block HTTP from the Internet ... i.e. only port forward HTTPS. My preference is to use HTTPS wherever I am and have a single set of bookmarks.
All the Synology mobile apps have the option to validate secure connections. This requires a valid, signed certificate but you can disable this option and use IP address and self-signed (or signed) certificate. It's the web browsers that enforce the policy of validating certificates against the connection information, and for this you'll have to keep adding exceptions if you want to use HTTPS and an IP address.


But my preference is to run a local DNS server for LAN devices (distributed as part of the DHCP info) and my domain name resolves to local IP. Everything else gets sent to Internet DNS to be resolved. This means my bookmarks are the same for LAN and Internet connected devices and resolution is either direct to LAN IP or to my router's ISP IP. It also means that SSL certificates (managed by DSM) align to the domain names I used to connect to the NAS.
 
Upvote 0
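The name check described in the answer above (the browser compares what you typed in the address bar with the names listed in the certificate) as an added example, not code from the thread or from Synology. It is a simplified version of that check, run over constructed certificate fields in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the hostnames, the address 192.168.1.20 and the certificate with an IP entry are assumptions that go one step beyond the case in the thread.

```python
import ipaddress

# Constructed sample data (not from a real NAS), shaped like the dict that
# ssl.SSLSocket.getpeercert() returns for a peer certificate.
CERT_DOMAIN_ONLY = {
    "subject": ((("commonName", "nas.example.com"),),),
    "subjectAltName": (("DNS", "nas.example.com"), ("DNS", "*.home.example.com")),
}
# Assumed variant: a certificate that also lists the LAN address as an IP SAN.
# The name check then passes; whether the issuer is trusted is a separate check.
CERT_WITH_IP = {
    "subject": ((("commonName", "nas.example.com"),),),
    "subjectAltName": (("DNS", "nas.example.com"), ("IP Address", "192.168.1.20")),
}


def _dns_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(cert, target):
    """True if the certificate's subjectAltName covers `target`.

    IP literals are compared only with 'IP Address' entries and hostnames only
    with 'DNS' entries, so https://192.168.1.20 fails on a domain-only cert.
    """
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:  # not an IP literal, so treat it as a hostname
        return any(k == "DNS" and _dns_matches(v, target) for k, v in sans)
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)


def explain(cert, targets):
    """Map each address-bar host to whether the name check would pass."""
    return {t: cert_covers(cert, t) for t in targets}


if __name__ == "__main__":
    hosts = ["nas.example.com", "192.168.1.20", "dsm.home.example.com"]
    for label, cert in (("domain-only", CERT_DOMAIN_ONLY), ("with IP SAN", CERT_WITH_IP)):
        print(label, explain(cert, hosts))
```

With the domain-only certificate the hostname passes and the LAN IP does not, which is the situation the local DNS setup in the answer avoids by always connecting with the name the certificate was issued for.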
