SSL Certificate - necessary?

Currently reading
SSL Certificate - necessary?

ed.j

Subscriber
200
57
NAS
DS920+, DS416slim
Operating system
  1. Windows
Mobile operating system
  1. Android
I am connecting to my DS main login screen through https via static IP (ie remotely).

It was bugging me having to click the "certificate not trusted" warnings because the standard synology certificate is not SSL/HTTPS (I think?)

So I looked into an LE SSL certificate. Took me ages but I got there in the end.

But now I have three questions:

1. If I am connecting to DSM via HTTPS but the connection/certificate is "not trusted" - traffic is still encrypted and so this warning is essentially an annoyance/cosmetic right? The certificate warning is more to do with sites you don't control rather than guaranteeing the encryption is in place...?

2. If I change the default certificate to the LE one, I still get a "not trusted" warning when trying to remote connect to DSM. I thought the whole point of the LE cert was to get rid of this? Have I done something wrong?

3. If I change the cert for everything in Security-Certificate-Settings from synology to LE, is this the "right" thing to do? Or will it screw things up?

Really all I want to be able to do is connect via SSL without warnings. Happy to pay for a cert if that's a viable route. THanks
 
425
166
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
You say, "I am connecting to my DS main login screen through https via static IP".
This suggests that you might be connecting using a numeric address, e.g., "https://xxx.yyy.zzz.aaa"
If so, this will ALWAYS result in the error you're describing.
To avoid the error, you have to connect using the domain name on the certificate. e.g., "DomainName.com".

And, if you're connecting to, e.g., www.domainname.com, the certificate has to have www.domainname.com IN ADDITION TO domainname.com listed as a subject alternative name.

I suggest making the LE certificate the default certificate, and also assigning it to all services you intend to access externally. If it turns out you need the synology certificate for something, you can always fix that in "configuration" later.
 

ed.j

Subscriber
200
57
NAS
DS920+, DS416slim
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
Thanks very much akahan

You are entirely correct in that I was using a numeric address - I have just tried using the domain name used for LE and it works perfectly, thanks for pointing this out. When you think about it, it is incredibly obvious that this must be the case!!

Much appreciated.
-- post merged: --

I forgot to ask something. If I now connect to my NAS from a laptop via blahblah.ddns.net (ie a free DDNS), will my traffic have blahblah.dns.net in the middle or will it be direct from NAS to laptop?
 

fredbert

Moderator
NAS Support
Subscriber
4,188
1,667
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
DDNS is just a DNS server that supports updating records quickly, e.g. for home users that have dynamic IPs from their ISPs. The resolution of a DDNS domain name will be to the current (or last notified) Internet IP assigned by your ISP.

DDNS is not a proxy service.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Question ssl certificate
in /var/log/messages you will find more details for sure and there issues like this are stated. Still, I...
Replies
17
Views
2,332
This is a simple and yet effective solution for my lan (photo station, dsm administration). Thanks.
Replies
16
Views
21,606
OK. This is a remote location that I’m barely at. I’ll try that next time I’m there.
Replies
21
Views
19,986
Well said @fredbert. That's why I argued above that the author's logic can apply to many things in life...
Replies
10
Views
2,195
Ok, that is reassuring. I didn't know if it was required should the NAS need to be reset at a future...
Replies
2
Views
1,409
  • Question
I want to thank everyone for their replies. I've learned quite a bit. Ultimately, the client pivoted and...
Replies
6
Views
1,499
  • Question
The whole world agrees that https is the right and secure way to access web applications. The question is...
Replies
1
Views
307

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top