Second you need to supply the details for the certificate itself.Ĭreating the self-signed certificate from the Synology control panel has a key step that you must complete or the certificate will be invalid. In DSM 6.0 -> Control Panel -> Security -> CertificateĬlick “Add” to start the process and choose “Create self-signed certificate”įirst you create a Certificate Authority (CA) which is the master key that will sign the site usable SSL. You must be able to add or assign certificates to devices you want to approve your SSL.Your Diskstation must have a fixed IP address on your LAN.
No, you cannot buy a public SSL from a 3rd party Certificate Authority (CA) for an internal IP as the practice was banned in 2016 by the Certificate Authorities Browser Forum to reduce the threat of man-in-the-middle (MITM) attacks.Ĭhoice 3 is what this post is about, but it has some foibles. This is best if you need to secure a local LAN asset where you do not control all devices accessing the Disktation. Next you can generate a valid Certificate Signing Request (CSR) for the FQDN and configure DNS to point back to your local LAN and setup whatever routing is required. You need a public domain name to so you can create a fully qualified domain name (FQDN) for your Diskstation (something like ). I had been at choice 1, but it was getting bothersome.Ĭhoice 2 is the correct (harder) way to do things but has some financial costs. Create a self-signed SSL and root CA to sign the SSL.Register an Internet FQDN to your local IP.There are 3 choices here for the LAN user: It does mean that now accessing your Synology Diskstation over the local network will throw up a selection of security warnings. Since Google released Chrome version 56 (January 2017) the warnings against HTTP only sites that collect passwords and personal details as well as HTTPS sites with untrusted SSL certificates has been stepped up and this can only be a good thing for the web.
0 kommentar(er)
