Self-Signed certificate renewed itself ahead of time???

Currently reading
Self-Signed certificate renewed itself ahead of time???

2
0
NAS
918+, 1815+
Router
  1. RT2600ac
  2. RT6600ax
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Hi folks!

Hope you can help or point me in the right direction.

Today I was greeted by the typical "This connection is not secured" when I tried to access one of my Synology NAS. I verified looking at DS files on my phone, in trusted connections I had used for the last 10 months and it was due to expire in the middle of November. All devices that connects to it, shows the new certificate error.

Accepting the warning and looking at the new cert it says is set to expire Thursday, 12 September 2024 at 16:12:32 Central. And my old was set to expire 2023-11-09 (november the ninth) at 15:29:59.

I have a logged in and checked Logcentral, but found nothing related to change of certificate or weird login attempts, the last 24h. And other weird happenings, at least not what I can see.

After some googling I decided to activate SSH and see if there was some extra logs to be found that is not showing up in logcentral, I managed to access the folder: /var/log and downloaded all the logs to my computer for analysis. But Im going to be honest, there are so many logs and Im not sure where to start.

Anyone out there who come across this issue before? Or know how to find the cause of the new self-signed was installed (from Synology, Taipei).

  • Its a 1815+ with DSM 7.1.1-42962 Update 6 installed.
  • I have 2FA on the admin accounts.
  • Not rebooted since the last 27days.

Any help is welcomed!
:)
 
Or know how to find the cause of the new self-signed was installed (from Synology, Taipei).
All of my Synology self-signed certs expired some time ago. They are basically useless even when "active". Generally speaking self-signed certs are a placebo. Instead... get an LE cert for your DDNS or personal domain.
 
Upvote 0
All of my Synology self-signed certs expired some time ago. They are basically useless even when "active". Generally speaking self-signed certs are a placebo. Instead... get an LE cert for your DDNS or personal domain.
Thanks for the input Telos.

Yes I have had that on my mind for some time. Found some potential guides on youtube on how to set up reverse proxy and get LE cert on my internal servers. Just not got my time to take care of it.

Btw, why would selfsiged certificates be useless and placebo? I know they dont automatically get accepted in browsers. If I create a self-signed certificate and accept them/import them in browsers and devices, the error messages dont show up, and connection is encrypted. Or what have I missed? And the servers are only for internal use.

However I still want to know why all of a sudden a new certificate was installed on my server. I have had this server for some years and it has never done this. Sure the cert might have expired, but it has never renewed by itself.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
In Synology DSM 7.1.1-42962 Update 6 I have number of reverse proxy rules on different domains, and in the...
Replies
0
Views
584
thanks a lot my friend, I will ask their costumer service on Monday /hug
Replies
4
Views
1,018
  • Question
The whole world agrees that https is the right and secure way to access web applications. The question is...
Replies
1
Views
2,486
If a answer is still needed! You should import the cloudflare orgin server RSA PEM see doc. Origin CA...
Replies
1
Views
4,477
Replies
2
Views
3,141
Tremendous stuff thank you fredbert.
Replies
4
Views
1,923

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top