Setup SSL on Synology NAS: Difference between revisions
Jump to navigation
Jump to search
| Line 16: | Line 16: | ||
* '''Private key length:''' 2048 | * '''Private key length:''' 2048 | ||
* '''Common name:''' MyCA (Any name will do) | * '''Common name:''' MyCA (Any name will do, but this name is how the certificate will be identified in Mac OS's Keychain Access (see below)) | ||
* '''Email:''' myemail@domain.com | * '''Email:''' myemail@domain.com | ||
* '''Location:''' [US] United States of America | * '''Location:''' [US] United States of America | ||
Revision as of 04:22, 29 May 2022
Create a self-signed SSL and root CA to sign the SSL
Prerequisites
- Diskstation must have a fixed IP address on your LAN.
- Ability to add or assign certificates to devices you want to approve your SSL.
Create certificate on DiskStation
- DSM > Control Panel > Security > Certificate
- Click Add to start the process
- Choose Create self-signed certficate
- First create a Certificate Authority (CA) that will sign the site SSL
Create Root Certificate
- Private key length: 2048
- Common name: MyCA (Any name will do, but this name is how the certificate will be identified in Mac OS's Keychain Access (see below))
- Email: myemail@domain.com
- Location: [US] United States of America
- State/Province: [state name]
- City: [city name]
- Organization: myOrg (Any name will do)
- Department: (Again, any name)
- Click Next
Create Certificate
- Private key length: 2048
- Common name: [DiskStation static IP]
- Email: myemail@domain.com
- Location: [US] United States of America
- State/Province: [state name]
- City: [city name]
- Organization: myOrg (Any name will do)
- Department: (Again, any name)
- Subject Alternative Name: [Diskstation static IP plus any aliases, separated by semicolons]
- Click Apply
Make the new certificate the default.
- DSM > Control Panel > Security > Certificate
- Select the new certificate in the list.
- Click Configure
- Select the certificate for System Default and any other relevant services.
- Click Ok.
- The web service will restart.
Trust the certificate authority locally
Mac OS
Export the certificate.
- DSM > Control Panel > Security > Certificate
- Select the certificate in the list.
- Add > Export certificate
- Save the zip file locally and expand it.
Add certificate issuer to keychain as a trusted certificate authority.
- Double click on the certificate (
syno-ca-cert.pem) to open the Mac OS Keychain Access app. - Add Certificate dialog will open automatically the first time the host is added.
- Set Keychain to "system".
- Click Add.
- Enter password into admin credentials prompt.
- Keychain Access app > System Keychains group > System
- Look for the host under Name and double click that line.
- Expand the Trust group.
- When using this certificate: Always trust
- Close the dialog.
- Enter password into admin credentials prompt.
Connecting to DiskStation via SSL
- Use https, of course.
- Use port 5001 and not port 5000 (http).
Reference
- How to Setup SSL on a Synology NAS - John Galea
- Guide to add self-generated root certificate authorities for 8 operating systems and browsers - BounCA
- [SOLVED] Correctly installing self-signed cert on home network - Synology community forums