My Synology NAS allows the use of SSL to encrypt traffic. The default certificate supplied works, but gives an exception in the browser: There is a problem with this websites security certificate. The problem is the address and the certificate don’t add up. So the solution is to setup your own domain, link it to your NAS and create a certificate for it.
- Head over to startssl and goto Control Panel. Start the Express lane or Authenticate when you’ve already signed up.
- The Express lane guides you through the signup process and starts the Validations Wizard. When you authenticated/signed in you can start the Validations Wizard now.
- Choose Domain Name Validation and continue
- Enter the domain name (findmynas.nl) and continue
- Select the e-mail address to use for verification and continue. This is why I always have a catch-all e-mail (* for namecheap).
- Copy-and-Past the verification code from the e-mail into the field and continue
Now the domain is verified and the SSL can be generated.
- Start the Certificates Wizard. Choose Web Server SSL/TLS certificate and continue
- Enter and confirm a Password, leave the keysize and algorithm to the defaults and continue
- Now you need to save the encrypted private key by Copy-and-Past to a plain text file.
Since I’m doing this from a MacBook I execute the openssl rsa -in ssl.key -out ssl.key command in terminal. There is a tool in the Tool Box that can do this for you online.
- Select your domain (findmynas.nl) and continue
- Enter the subdomain setup for DDNS and continue
- Confirm your choices on the next step and continue
- Now you need to save the encrypted certificate by Copy-and-Past into a plain text file.
Also save the intermediate and root CA certificates: the bolt texts in the wizard are links to the files you need.
- Now login to your NAS and goto Control Panel > DSM Settings tab Certificate and choose Import certificate. Select the files you’ve created above.
- Add the root CA certificate to your keychain/certificate store by double clicking and importing it to Trusted Root Certification Authorities.
Now you can access your synology NAS over the internet without the certificate Error.
Note that the used domain FINDMYNAS.NL is not mine and only used for demo purposes because it was available at the time I created this post.