"Your Connection Isn't Private"

Currently reading
"Your Connection Isn't Private"

2
1
NAS
DS220+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Hi All. Forum newbie here. Please also consider me a NAS newbie as well, given the amount of understanding of these things I have.

I asked a guy in IT at my work what solutions were available to store thousands and thousands of photo's and access them from my iphone when I'm travelling. He suggested a small Synology NAS, so I bought a brand new DS220+. Now, I have always used external hard drives to back up my files, and got the impression that a NAS was just an external HDD with external access. Terrific. Well, I have struggled to find basic, easy to understand step by step instructions on how to set this damned thing up properly, so I've done the best I can. I didn't expect the learning curve to be so steep. Everything I've read, researched, and studied so far is, IMO, written in tech gobbledigook not designed for the layman. I hope with this context someone here may be able to help me with this error, please.

When I use the Synology Assistant to access my NAS, a browser window opens and it says, "Your connection isn't private. Attackers might be trying to steal your information from XXX.XXX.XX.XX (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID. This server couldn't prove that it's XXX.XXX.XX.XX; its security certificate is from XXXX.synology.me. This may be caused by a misconfiguration or an attacker intercepting your connection. Continue to XXX.XXX.XX.XX (unsafe)."

I hit continue and am taken to the log in page where I enter my NAS username and password, and log in. Even though I am able to successfully log in, I am very uncomfortable that this error appears, as it leaves me wondering if my NAS is wide open to others. I don't know if it is relevant, but I got 2 certificates because somewhere, something said I needed to, but I have no idea what they do or how to make them do what they're supposed to do; one says (Default certificate) (RSA/ECC) Synology DDNS Certificate, and the other one says (RSA/ECC Synology QuickConnect Certificate.

Could someone please tell me, in very basic, easy to understand terms how to fix this, or point me to some instruction somewhere that will?
 
Solution
So looks like you tried to connect to your nas with your NAS IP address over https protocol without a valid certificate. The browser then warned you that this is potentially dangerous (and it is only when you are outside your home network).

To get around this, just try and connect to your nas using the DDNS or QuickConnect address that does have a valid certificate issued to mitigate the error at hand.
Hi Rusty. Thank you for your reply. This makes sense to me somewhat. Interestingly, as I use the Synology Assistant to connect to my NAS, the assistant uses the IP address, so perhaps this is the flaw in that method. I will try adding the quickconnect address to my browser favourites and go in that way and see if it helps...
This server couldn't prove that it's XXX.XXX.XX.XX; its security certificate is from XXXX.synology.me.
So looks like you tried to connect to your nas with your NAS IP address over https protocol without a valid certificate. The browser then warned you that this is potentially dangerous (and it is only when you are outside your home network).

To get around this, just try and connect to your nas using the DDNS or QuickConnect address that does have a valid certificate issued to mitigate the error at hand.
 
Upvote 0
Last edited:
So looks like you tried to connect to your nas with your NAS IP address over https protocol without a valid certificate. The browser then warned you that this is potentially dangerous (and it is only when you are outside your home network).

To get around this, just try and connect to your nas using the DDNS or QuickConnect address that does have a valid certificate issued to mitigate the error at hand.
Hi Rusty. Thank you for your reply. This makes sense to me somewhat. Interestingly, as I use the Synology Assistant to connect to my NAS, the assistant uses the IP address, so perhaps this is the flaw in that method. I will try adding the quickconnect address to my browser favourites and go in that way and see if it helps.
-- post merged: --

So looks like you tried to connect to your nas with your NAS IP address over https protocol without a valid certificate. The browser then warned you that this is potentially dangerous (and it is only when you are outside your home network).

To get around this, just try and connect to your nas using the DDNS or QuickConnect address that does have a valid certificate issued to mitigate the error at hand.
It worked! Thank you so much Rusty, I can't tell you how relieved I am after all this time.
 
Upvote 0
Solution
Hi. Thought I'd bring back this thread since I am suffering from a similar problem.
Everything was working fine until I checked a box that said open all http links (?) with https (or something to that effect. I the got a message saying "This Connection is Not Private".
So now I can't get into DSM 7.1 with my NAS IP address.
I see the synology certificate is not trusted.

How can I fix this? Rusty suggested connecting my NAS using the DDNS or Quickconnect. I don't have QucikConnect set up yet and I don't know what DDNS is or how to connect to my NAS with it to DSM and the Control Panel.

Any help would be appreciated. Thanks
 
Upvote 0
How can I fix this?
Well you should be able to log into your NAS using the IP address even if the address is not trusted over https.

Most browsers will stop you and suggest not to proceed but you can make an exception and move forward.

The option you have activated was http to https redirect. What this means is that any communication towards the NAS/DSM will go over https protocol and in return any domain name and/or ip address needs to be covered with a valid certificate.

If the certificate is missing, you get a warning but that should not stop you from logging in anyways.

Once you log in you can then disable that option or live with it. Also, you can get a Let's Encrypt certificate down the line if you need it for anything.
 
Upvote 0
Rusty, I did not realize I could still login. It was very small print! Thanks. I got in and disabled that option.
Did some searching and it looks like there is more to it than just changing a simple setting to set up https.
I'll check out Let's Encrypt.
 
Upvote 0
Rusty, I did not realize I could still login. It was very small print! Thanks. I got in and disabled that option.
Did some searching and it looks like there is more to it than just changing a simple setting to set up https.
I'll check out Let's Encrypt.
Just to say that if you are only accessing your NAS over a local LAN, eg from a device at home to a NAS in the same home, then you are safe to just leave that browser 'ignore' option in place.

No-one is going to be mitm intercepting your data on your home network. Browsers (understandably) just assume that all your connections are to web servers and sites over the public internet.
 
Upvote 0
Ok, I'm reviving this thread because I'm experiencing the same problem, but none of the solutions mentioned above are helping:

When using the DS Finder app on my iPhone to discover my NAS, whether I use the IP address or my QuickConnect name to establish a connection, DS Finder opens a temporary Safari session for the login that doesn't allow me to proceed ( "Your connection isn't private" error ), unlike Chrome, which provides the option to continue.

Interestingly, before iOS 17, the DS Finder application was working fine.

Other observations:
  1. DS Finder works from an Android device, as it utilizes a temporary Chrome session for the connection.
  2. On my iPhone, if I attempt to connect to the NAS via web browser with Chrome, it succeeds, but when using Safari, I end up unable to proceed, again with "Your connection isn't private" error.
Unfortunately, there's no way to force DS Finder to use Chrome instead of Safari, probably because it's coded within the app.

Any suggestions, maybe regarding tampering with Safari's configuration on my iPhone?

Thanks,Andrea
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
When you login to the NAS and experience this issue of the certificate, check what is reported as the...
Replies
13
Views
2,403
  • Question
Your situation seems like it should be simple and that the security mechanisms are being overly pedantic...
Replies
10
Views
7,936

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top