SSL Certificate - necessary?

Currently reading
SSL Certificate - necessary?

DS920+, DS416slim
Operating system
  1. Windows
Mobile operating system
  1. Android
I am connecting to my DS main login screen through https via static IP (ie remotely).

It was bugging me having to click the "certificate not trusted" warnings because the standard synology certificate is not SSL/HTTPS (I think?)

So I looked into an LE SSL certificate. Took me ages but I got there in the end.

But now I have three questions:

1. If I am connecting to DSM via HTTPS but the connection/certificate is "not trusted" - traffic is still encrypted and so this warning is essentially an annoyance/cosmetic right? The certificate warning is more to do with sites you don't control rather than guaranteeing the encryption is in place...?

2. If I change the default certificate to the LE one, I still get a "not trusted" warning when trying to remote connect to DSM. I thought the whole point of the LE cert was to get rid of this? Have I done something wrong?

3. If I change the cert for everything in Security-Certificate-Settings from synology to LE, is this the "right" thing to do? Or will it screw things up?

Really all I want to be able to do is connect via SSL without warnings. Happy to pay for a cert if that's a viable route. THanks
You say, "I am connecting to my DS main login screen through https via static IP".
This suggests that you might be connecting using a numeric address, e.g., ""
If so, this will ALWAYS result in the error you're describing.
To avoid the error, you have to connect using the domain name on the certificate. e.g., "".

And, if you're connecting to, e.g.,, the certificate has to have IN ADDITION TO listed as a subject alternative name.

I suggest making the LE certificate the default certificate, and also assigning it to all services you intend to access externally. If it turns out you need the synology certificate for something, you can always fix that in "configuration" later.
Last edited:
Thanks very much akahan

You are entirely correct in that I was using a numeric address - I have just tried using the domain name used for LE and it works perfectly, thanks for pointing this out. When you think about it, it is incredibly obvious that this must be the case!!

Much appreciated.
-- post merged: --

I forgot to ask something. If I now connect to my NAS from a laptop via (ie a free DDNS), will my traffic have in the middle or will it be direct from NAS to laptop?
DDNS is just a DNS server that supports updating records quickly, e.g. for home users that have dynamic IPs from their ISPs. The resolution of a DDNS domain name will be to the current (or last notified) Internet IP assigned by your ISP.

DDNS is not a proxy service.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

thanks a lot my friend, I will ask their costumer service on Monday /hug
  • Question
Question ssl certificate
in /var/log/messages you will find more details for sure and there issues like this are stated. Still, I...
This is a simple and yet effective solution for my lan (photo station, dsm administration). Thanks.
OK. This is a remote location that I’m barely at. I’ll try that next time I’m there.
Well said @fredbert. That's why I argued above that the author's logic can apply to many things in life...
Ok, that is reassuring. I didn't know if it was required should the NAS need to be reset at a future...
  • Question
I want to thank everyone for their replies. I've learned quite a bit. Ultimately, the client pivoted and...

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads