Info Why the synology.com default certificate ?

[Telos]

So why does this cert exist? Can it safely be deleted? Is it just a placeholder since DSM requires at least one certificate?

On one machine in expires in several months. On another machine it expires in 2037. Why?

Is this cert machine specific, or could I export/import it across machines.

Thanks... this always aroused my curiosity.

 

[garryk]

I don't know the details of why it exists, but I know that some services depend on it when there's nothing else! eg OpenVPN), and changing to another default needs to be done right (I screwed it up and now I'm having to get support from Synology to fix my loss of remote access via VPN server)!
Seems I tried to do an 'update' to the System Default certificate, but I didnt do it right, and now it has resulted in the default certificate being deleted and I cant get the VPN to stand anymore. (Username/password Auth doesn't work using Tunnelblick client anymore. Before my faux pas it all worked fine!)

 

[fredbert]

I think I deleted one once, nothing bad happened. Specifically SRM doesn't allow multiple certificates so the default Synology one will be overwritten if you create or add your own.

If you create your own self-signed certificate I think it has a one year life, but the default one created during initial setup goes on for years.

If the default doesn't have any services assigned to it then I think it is safe to delete. Also assign a different certificate as default.

The OpenVPN .ovpn file has certificate info embedded so that could be a source of problems if you're not just renewing, e.g., an LE cert.

 

[Telos]

I think I deleted one once, nothing bad happened

Good to hear. I guess I'll know more when expiration hits.