SSL Certificate - necessary?

Currently reading
SSL Certificate - necessary?

290
89
NAS
DS920+, DS416slim
Operating system
  1. Windows
Mobile operating system
  1. Android
I am connecting to my DS main login screen through https via static IP (ie remotely).

It was bugging me having to click the "certificate not trusted" warnings because the standard synology certificate is not SSL/HTTPS (I think?)

So I looked into an LE SSL certificate. Took me ages but I got there in the end.

But now I have three questions:

1. If I am connecting to DSM via HTTPS but the connection/certificate is "not trusted" - traffic is still encrypted and so this warning is essentially an annoyance/cosmetic right? The certificate warning is more to do with sites you don't control rather than guaranteeing the encryption is in place...?

2. If I change the default certificate to the LE one, I still get a "not trusted" warning when trying to remote connect to DSM. I thought the whole point of the LE cert was to get rid of this? Have I done something wrong?

3. If I change the cert for everything in Security-Certificate-Settings from synology to LE, is this the "right" thing to do? Or will it screw things up?

Really all I want to be able to do is connect via SSL without warnings. Happy to pay for a cert if that's a viable route. THanks
 
You say, "I am connecting to my DS main login screen through https via static IP".
This suggests that you might be connecting using a numeric address, e.g., "https://xxx.yyy.zzz.aaa"
If so, this will ALWAYS result in the error you're describing.
To avoid the error, you have to connect using the domain name on the certificate. e.g., "DomainName.com".

And, if you're connecting to, e.g., www.domainname.com, the certificate has to have www.domainname.com IN ADDITION TO domainname.com listed as a subject alternative name.

I suggest making the LE certificate the default certificate, and also assigning it to all services you intend to access externally. If it turns out you need the synology certificate for something, you can always fix that in "configuration" later.
 
Last edited:
Thanks very much akahan

You are entirely correct in that I was using a numeric address - I have just tried using the domain name used for LE and it works perfectly, thanks for pointing this out. When you think about it, it is incredibly obvious that this must be the case!!

Much appreciated.
-- post merged: --

I forgot to ask something. If I now connect to my NAS from a laptop via blahblah.ddns.net (ie a free DDNS), will my traffic have blahblah.dns.net in the middle or will it be direct from NAS to laptop?
 
DDNS is just a DNS server that supports updating records quickly, e.g. for home users that have dynamic IPs from their ISPs. The resolution of a DDNS domain name will be to the current (or last notified) Internet IP assigned by your ISP.

DDNS is not a proxy service.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Old thread notice: There have been no replies in this thread for quite some time. The last reply was on .
The content in this thread may no longer be relevant. It might be better to open a new thread instead.

Similar threads

thanks a lot my friend, I will ask their costumer service on Monday /hug
Replies
4
Views
770
  • Question
Question ssl certificate
in /var/log/messages you will find more details for sure and there issues like this are stated. Still, I...
Replies
17
Views
3,309
This is a simple and yet effective solution for my lan (photo station, dsm administration). Thanks.
Replies
16
Views
31,326
OK. This is a remote location that I’m barely at. I’ll try that next time I’m there.
Replies
21
Views
24,918
Well said @fredbert. That's why I argued above that the author's logic can apply to many things in life...
Replies
10
Views
3,116
Ok, that is reassuring. I didn't know if it was required should the NAS need to be reset at a future...
Replies
2
Views
3,358
  • Question
I want to thank everyone for their replies. I've learned quite a bit. Ultimately, the client pivoted and...
Replies
6
Views
2,712

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top