Synology SSL certificate settings for GoDaddy
Remote access to Synology requires a key component called an SSL certificate to protect your data. The site warning can be avoided by adding the domain as a security exception, allowing you to access DSM normally. However, to verify the identity of your Synology NAS and ensure that the connection is truly secure, you need a third-party certificate from a trusted certificate authority. A less secure alternative is a self-signed certificate. Below are instructions for third-party CAs such as GoDaddy.
Looking for a DDNS certificate?
How can I get a Let's Encrypt certificate on my Synology NAS? – Synology Knowledge Center
Before you start
Be sure to go to GoDaddy, register a domain name, and create an A record pointing to the Synology Diskstation's WAN IP address.
To obtain a third-party certificate for your Synology NAS, please make sure you have registered a domain name. You must also bear any costs charged by the certificate authority.
Pro Synology IT-Support-Tips!
- The preliminary information here is about setting up your GoDaddy FQDN. All done and waiting for email? Note: A CSR must be generated via DSM for GoDaddy to send this email.
- Have the FQDN and CSR already been generated by DSM? Go to "Waiting for email".
- Scroll down to GoDaddy Details to enter the CSR file you received from Synology.
- After downloading the certificate file from GoDaddy, scroll down to "Synology SSL Certificate Settings for GoDaddy - Summary".
Additional resources: Access Synology remotely so you can work from home
- Best practice guide for setting up remote access for environments with fewer than 10 users.
- NOTE: Does not include VPN or port forwarding steps
- Synology port for remote access
- Synology SSL certificate settings
- Certificate Issues with Dynamic IP WAN and Synology Hosting
- Support Cloud Station, DS Cloud PC and mobile phone setup
Certificate settings:
- Please note the import certificate as below. This is a CRT released with .key and gd, you need the gd1 intermediate package.
- On the Import Certificate screen, click Browse and import the following files.
Private Key: Select the server.key file you saved earlier on your computer.
Certificate: Select the signed certificate you received from a certificate authority. The file name should be something like server.crt or yourdomainname.crt.
Intermediate Certificate: This field is optional. If the CA provided an intermediate certificate, enter it here.
Note: Look for file extensions in Windows File Explorer to help distinguish files.
Get CSR
Expert Tips! Keep the CSR in a safe place so you can renew your certificate every year. Make sure to document it!
1. Download server.csr to your computer. *Save the Synology zip file as Synology_CSR.zip
2. Open server.csr with a text editor and copy the text.
3. At this point you can use the server.csr file to request a signed certificate from a third-party CA. The process and required fees vary by certificate authority. For more information, please contact the certificate authority directly.
Obtain a third-party certificate (GoDaddy Specials)
Contact GoDaddy at 1 (480) 505-8877 to purchase a standard SSL certificate. Then go to the link below to complete the setup. https://certs.godaddy.com/
Take the CSR (generated by your Synology device) to a certificate authority (CA) such as GoDaddy.
Purchase an SSL certificate (CRT).
Request or create a CRT. You will need your CSR (from Synology Control Panel - Certificates).
GoDaddy will ask you to apply for a CRT and ask you to enter your CSR. Paste the text from server.csr (open it with Notepad and paste everything, including the dashes).
Diagram GoDaddy Certificate Setup
GoDaddy has a certificate management page when you log into your account on the website.
https://certs.godaddy.com/
Note: Is there a problem with your current Synology SSL certificate setup? Make sure your Common Name is set correctly so that it says "diskstation" or "dsm.domainname.com".
1) Open the CSR file created on Synology in Notepad.
Select all and copy.
Expert Tips! Want to verify that the CSR file contains the correct information? i.e. common name etc.
Paste into this tool: https://www.sslshopper.com/csr-decoder.html (Be sure to press Enter multiple times to confirm the content after pasting the file.)
2) Paste all the Notepad text from the CSR file.
3) Choose this option if you host your own server or Synology. Very important step! See the picture.
Make sure it has the correct common name you entered when creating the CSR on Synology.
https://dsm.IhrDomainname.net
Waiting for email
Wait for the email...and download the file.
After obtaining an SSL certificate from GoDaddy or a third party, choose "Add new certificate", then click "Next". Please refer to "How to import a self-signed certificate to DSM".
Note: Look for file extensions in Windows File Explorer to help distinguish files.
- server.key (from the Synology CSR, not the latest download from GoDaddy)
- Note: If you enter the "server.csr" file instead of "server.key", Synology will report "Illegal private key".
- Enter the location of the certificate, domain.crt (not the "bundle.crt" you received from GoDaddy)
- Enter the location of the intermediate certificate, gd_bundle.crt, received from GoDaddy
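The mix-ups described above (server.csr picked instead of server.key, a wrong Common Name, a key that does not belong to the issued certificate) can be caught locally with OpenSSL before the import. This is an added example, not part of the original guide; the function names and dsm.example.com are constructed, and the sample files are throwaway stand-ins generated on the spot.

```bash
# Added example (not from the original guide): local checks before the DSM import.
# Function names are hypothetical; requires the openssl command-line tool.

# Identify a PEM file by its BEGIN line rather than by its extension.
pem_kind() {
  case "$(grep -m1 -e '-----BEGIN' "$1")" in
    *'CERTIFICATE REQUEST'*) echo csr ;;   # server.csr: goes to the CA only
    *'PRIVATE KEY'*)         echo key ;;   # server.key: DSM "Private Key" field
    *'CERTIFICATE'*)         echo cert ;;  # domain.crt or gd_bundle.crt
    *)                       echo unknown ;;
  esac
}

# Print the Common Name recorded in a CSR.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the certificate ($2) carries the public key of the
# private key ($1). Runs in a subshell so a parse failure just returns 1.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
  [ "$k" = "$c" ]
)

# Constructed sample data: throwaway key, CSR and self-signed certificate
# standing in for server.key, server.csr and domain.crt, plus an unrelated key.
make_samples() {
  d=$(mktemp -d)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dsm.example.com" \
    -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1
  openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" \
    -days 1 -out "$d/domain.crt" >/dev/null 2>&1
  openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1
  echo "$d"
}

# Usage: sh check.sh server.key server.csr domain.crt
if [ "$#" -eq 3 ]; then
  echo "key field: $(pem_kind "$1")   CSR common name: $(csr_cn "$2")"
  key_matches_cert "$1" "$3" && echo "key matches certificate" ||
    echo "key does NOT match certificate"
fi
```

All of these checks run on your own computer, so neither the CSR nor the private key has to be pasted into a website.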
After successfully setting up the DSM certificate and confirming the GoDaddy setup, I still receive a "Certificate Download" error message
Make sure the new domain certificate is the default certificate. You can select "Configure" on the new certificate to set the new certificate as the default.
Make sure you have the correct common name, i.e. diskstation.domain.com. It may appear below the key, but additional steps may be required to enter the FQDN.
Download CRTs.
*This can be done via email or by editing text DNS records.
You might get some extra files, but the CRT is all you really need.
Files can be compressed. If so, expand the file.
Download the previously generated server.key to your computer. *GoDaddy accounts retain the zip file for the life of the certificate
Login to DSM->Control Panel->Network->DSM Settings->HTTP Service tab
Click Enable HTTPS connection
Click Add and Import Certificate
Enter the location of the private key, server.key
Enter the location of the certificate, domain.crt (not the "bundle.crt" you received from GoDaddy)
Enter the location of the intermediate certificate, gd_bundle.crt, received from GoDaddy
Click OK
Click Apply
It is now linked to your domain name. Set your DNS to Synology to use a third-party SSL certificate. For example, diskstation.yourdomainname.com
Annual SSL Certificate Renewal
You must download new files and upload them to the CA before you can renew the certificate. You can find the process here:
https://www.synology.com/zh-cn/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate
Expert Tips! To make this process successful, you need the original Synology CSR file.
The private key is the .key file created when setting up the certificate on the Synology hard drive. You just need to find the archive.zip file from the build date and use that private key. This private key is the key used to authenticate your settings.
The rest of the files will be downloaded from GoDaddy. GoDaddy has a certificate management page when you log into your account on the website.
https://certs.godaddy.com/
It's time to renew my SSL certificate - what if I lost my Synology CSR (private key) file?
Expert Tips! Have you really lost your files? First, scan your hard drive for a CSR (Certificate Signing Request) before starting to delete the certificate setup. Here is the search command... C:\>dir /s *.csr
Can't find your CSR?
You need to delete and recreate your current certificate, then go through GoDaddy to set it up and get a new document with a new private key. Unfortunately, without this key file, you need to obtain permission to use the certificate and manually renew the certificate.
Third-party or GoDaddy SSL replacement certificates are listed in the "Rekey and Management" section.