Setup SSL on Synology NAS: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Create a self-signed SSL and root CA to sign the SSL == === Prerequisites === * Diskstation must have a fixed IP address on your LAN. * Ability to add or assign certifica...") |
No edit summary |
||
| Line 62: | Line 62: | ||
* Expand the '''Trust''' group. | * Expand the '''Trust''' group. | ||
** '''When using this certificate:''' Always trust | ** '''When using this certificate:''' Always trust | ||
== Connecting to DiskStation via SSL == | |||
* Use https, of course. | |||
* Use port 5001 and not port 5000 (http). | |||
== Reference == | == Reference == | ||
Revision as of 21:41, 15 May 2021
Create a self-signed SSL and root CA to sign the SSL
Prerequisites
- Diskstation must have a fixed IP address on your LAN.
- Ability to add or assign certificates to devices you want to approve your SSL.
Create certificate on DiskStation
- DSM > Control Panel > Security > Certificate
- Click Add to start the process
- Choose Create self-signed certficate
- First create a Certificate Authority (CA) that will sign the site SSL
Create Root Certificate
- Private key length: 2048
- Common name: MyCA (Any name will do)
- Email: myemail@domain.com
- Location: [US] United States of America
- State/Province: [state name]
- City: [city name]
- Organization: myOrg (Any name will do)
- Department: (Again, any name)
- Click Next
Create Certificate
- Private key length: 2048
- Common name: [DiskStation static IP]
- Email: myemail@domain.com
- Location: [US] United States of America
- State/Province: [state name]
- City: [city name]
- Organization: myOrg (Any name will do)
- Department: (Again, any name)
- Subject Alternative Name: [Diskstation static IP plus any aliases, separated by semicolons]
- Click Apply
Make the new certificate the default.
- DSM > Control Panel > Security > Certificate
- Select the new certificate in the list.
- Click Configure
- Select the certificate for System Default and any other relevant services.
- Click Ok.
- The web service will restart.
Trust the certificate authority locally
Mac OS
Export the certificate.
- DSM > Control Panel > Security > Certificate
- Select the certificate in the list.
- Add > Export certificate
- Save the zip file locally and expand it.
- Double click on the certificate (
cert.pem) to open the Mac OS Keychain Access app. - Click on the certificate in Keychain Access.
- Add the certificate at a "system" level (not local level.)
- Expand the Trust group.
- When using this certificate: Always trust
Connecting to DiskStation via SSL
- Use https, of course.
- Use port 5001 and not port 5000 (http).