Setup SSL on Synology NAS: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(→Mac OS) |
||
| Line 57: | Line 57: | ||
* '''Add''' > '''Export certificate''' | * '''Add''' > '''Export certificate''' | ||
* Save the zip file locally and expand it. | * Save the zip file locally and expand it. | ||
Add certificate issuer to keychain as a trusted certificate authority. | |||
* Double click on the certificate (`cert.pem`) to open the Mac OS '''Keychain Access''' app. | * Double click on the certificate (`cert.pem`) to open the Mac OS '''Keychain Access''' app. | ||
* | * '''Add Certificate''' dialog will open automatically the first time the host is added. | ||
** Add the | ** Set '''Keychain''' to "system". | ||
* Expand the '''Trust''' group. | ** Click '''Add'''. | ||
** Enter password into admin credentials prompt. | |||
* '''Keychain Access''' app > '''System Keychains''' group > '''System''' | |||
* Look for the host under '''Name''' and double click that line. | |||
** Expand the '''Trust''' group. | |||
** '''When using this certificate:''' Always trust | ** '''When using this certificate:''' Always trust | ||
** Close the dialog. | |||
** Enter password into admin credentials prompt. | |||
== Connecting to DiskStation via SSL == | == Connecting to DiskStation via SSL == | ||
Revision as of 01:00, 16 May 2021
Create a self-signed SSL and root CA to sign the SSL
Prerequisites
- Diskstation must have a fixed IP address on your LAN.
- Ability to add or assign certificates to devices you want to approve your SSL.
Create certificate on DiskStation
- DSM > Control Panel > Security > Certificate
- Click Add to start the process
- Choose Create self-signed certficate
- First create a Certificate Authority (CA) that will sign the site SSL
Create Root Certificate
- Private key length: 2048
- Common name: MyCA (Any name will do)
- Email: myemail@domain.com
- Location: [US] United States of America
- State/Province: [state name]
- City: [city name]
- Organization: myOrg (Any name will do)
- Department: (Again, any name)
- Click Next
Create Certificate
- Private key length: 2048
- Common name: [DiskStation static IP]
- Email: myemail@domain.com
- Location: [US] United States of America
- State/Province: [state name]
- City: [city name]
- Organization: myOrg (Any name will do)
- Department: (Again, any name)
- Subject Alternative Name: [Diskstation static IP plus any aliases, separated by semicolons]
- Click Apply
Make the new certificate the default.
- DSM > Control Panel > Security > Certificate
- Select the new certificate in the list.
- Click Configure
- Select the certificate for System Default and any other relevant services.
- Click Ok.
- The web service will restart.
Trust the certificate authority locally
Mac OS
Export the certificate.
- DSM > Control Panel > Security > Certificate
- Select the certificate in the list.
- Add > Export certificate
- Save the zip file locally and expand it.
Add certificate issuer to keychain as a trusted certificate authority.
- Double click on the certificate (
cert.pem) to open the Mac OS Keychain Access app. - Add Certificate dialog will open automatically the first time the host is added.
- Set Keychain to "system".
- Click Add.
- Enter password into admin credentials prompt.
- Keychain Access app > System Keychains group > System
- Look for the host under Name and double click that line.
- Expand the Trust group.
- When using this certificate: Always trust
- Close the dialog.
- Enter password into admin credentials prompt.
Connecting to DiskStation via SSL
- Use https, of course.
- Use port 5001 and not port 5000 (http).