I've recently changed from "Non-Secure HTTP" to "SecureHTTPS" for my 215J. This was not a easy task as I had attempted to perform this numerous times prior with the result being locked out. After following all the instructions, and being pleasantly surprised that the software "Automatically" opened Ports on the 2600 I was still unable to gain access over HTTPS. It took several help tickets to Synology and them gaining remote access till they discovered that the "Automatic" Port opening in fact failed to open 5000 & 5001..... Once that was accomplished, the NAS was now secure. But that left the 2600 Router... surely that would be easy, but no. I have been unable to find any documents from Synology on how to enact HTTPS on it. I was able to IMPORT the Certificate correctly I believe and turned on HTTP Traffic directed to HTTPS, but that Locked me out and had to turn that off.
Does anyone know the step x step procedure to turn on HTTPS on the 2600?
Erm, HTTPS for the SRM web interface should already be enabled. When the router went through initial setup it will have created a self-signed SSL certificate and it uses this to secure all services. Have you tried...?
https://my_srm_router:8001
You web browser may complain because the certificate isn't signed but once you've told it trust it for this URL then it should work.
I believe I did.... And it should all be working, but it still shows as unsecure, but as I mentioned Re-Directing HTTP to HTTPS locks me out. And your "8001 also failed for me. And I did try going in through HTTPS and that too is refusing entry. This issue may fall into the same category as the DSM where it should have opened Ports but failed. We'll see what the Help Desk comes up with as I've just created a Ticket as this should be a simple process....
Thanks though for your suggestions...
-- post merged: --
Here's the answer from Synology (responded in less than 3 hours)... Hopefully this might help anyone who has the same question.
The reason why your connection to your router is "Not secure" is because you're connecting via an IP address, and a local IP address at that.
You can connect via HTTP or HTTPS with an IP address, but it will never be "secure".
But what is most important to take away from all of this is that this does not matter what so ever. So my advise to you would be to just leave everything how it is.
A "not secure" connection means that you traffic is not hidden from others on the same network as you. You're connecting locally from a private network already, so already you're protected. The only "threat" would be from people that are also on your local home network, so there really isn't any threat.
If you wanted to get a "secure" connection to your router, you can, but doing so would leave you less secure. Because to have a "secure" connection would require you to make your router accessible over the internet.
Having a "not secure" local connection is far more secure then a "secure" connection accessible over the internet because being accessible over the internet opens you up to much more potentially unwanted connectivity.
If you do want your router accessible over the internet, then yes you would want a secure connection for this and you can get this. Do do this you will need a DDNS. You can get a free one with Synology:
First you will need to Allow external access to SRM
Then add a DDNS
Make sure you select the option to Request a certificate from Let's Encrypt
Then every time you connect you will have to connect with https://hostname.synology.me (or whatever hostname/provider you chose).
No unfortunately.... and the instructions still need some tuning as I'm currently awaiting some clarification as its not accepting the same certificate I already have for the NAS....
