Before you install an SSL certificate, determine your needs. If you plan on conducting monetary transactions or supplying sensitive information, you will need to purchase a certificate from a third party, but if you only want a secure website, the free versions work fine in most cases. Synology provides a default certificate, but it is registered to Synology and does not provide any information about your domain. Fortunately, Synology offers two ways to install a free SSL certificate. Keep in mind that free versions do not include both the non-www and www addresses by default, but you can enter this information when you create the certificate.
The first is a self-signed certificate. While a self-signed certificate encrypts transmissions, it does not provide third-party verification that you are who you say you are. This may cause issues depending on the user's browser security level. When a user connects, their browser will detect the self-signed certificate and may deny the connection if the security level is set too high.
The second type is from Let's Encrypt. Synology added this feature so you can easily install an SSL certificate without going to the Let's Encrypt website. The current free version from Let's Encrypt is issued by ESET and is valid for three months. Click HERE to view installing the Let's Encrypt certificate.
To install a self-signed certificate, log in to DSM, select Control Panel, then select Security.
Security opens with the Security tab. You can check the option boxes, as shown, to improve your security.
Select the Certificate tab. When the page opens you will see the default Synology certificate.
Select Add a new certificate and select the NEXT button at the bottom of the page.
When the add option opens you are given different certificate creation options. Enter the descriptive information for your new certificate in the description window.
Select Create self-signed certificate. You can make this the default certificate by checking the box at the bottom of the window, then select Next.
Here you enter your domain and site information.
Leave the private key length set to 2048.
Enter your domain name for the common name.
You must also enter the email address to use for your website.
Select your country for the region.
Enter your state or province and the City where your server resides.
You must enter an organization name. This name cannot be identical to the domain name.
Enter a department such as Marketing, Research, Sales etc.
When you are finished, select Next and the box reappears with the option to add aliases. You do not need to add anything here, but you may want to add a www or email domain name. When finished, press Apply.
Select Apply and your new certificate appears in the certificate window. Notice the new certificate is now the default.
Install a Certificate from Let's Encrypt
Select Security from the Control Panel and then select the Security tab.
Security opens with the Security tab. You can check the option boxes, as shown, to improve your security.
Select the Certificate tab. When the page opens you can see the default Synology certificate.
Select Add a new certificate and select the NEXT button at the bottom of the page.
When the create certificate window appears, enter the descriptive information for your new certificate in the description window. Select Get a certificate from Let's Encrypt. Select the Set as default certificate checkbox to make your new certificate the default.
Using the Let's Encrypt option requires minimal entries because your Synology supplies the additional information.
Enter your domain name.
Enter the email address to use for your site.
Last, enter any aliases you want on the certificate, e.g. www or email addresses.
You can make this the default certificate by checking the box at the bottom of the window.
When you select Apply, your Synology server will connect and pass information to Let's Encrypt. When the certificate is issued, it will install automatically and display on the certificate page.
If you receive a "Failed to connect to Let's Encrypt" error, make sure your domain name is valid and registered. The error can also occur if your domain name is already attached to another certificate or to an invalid certificate.
If you want to change the default certificate, select the certificate you want to make the default and select Edit.
Check the Set as default certificate box. While you are in the edit screen, you can add a description if you forgot to add one when the certificate was created. Select OK when you are finished.
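To check that an installed certificate covers the names you entered as aliases and how long it remains valid, the following Python script audits a decoded certificate. It is an added example, not part of the original guide or of Synology's software. The domain names, issuer and dates are constructed placeholders, and the input is assumed to be in the dictionary form that Python's ssl.SSLSocket.getpeercert() returns.

```python
import ssl
from datetime import datetime, timezone

# Constructed samples in the dict shape of ssl.SSLSocket.getpeercert().
# Names, issuer and dates are placeholders, not values from a real NAS.
SELF_SIGNED = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"),),  # no www alias was added
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}
CA_ISSUED = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}


def covers(cert, host):
    """Return True if one of the certificate's DNS aliases matches host."""
    host = host.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        # A wildcard stands for exactly one left-most label, so
        # *.example.com matches www.example.com but not example.com.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def audit(cert, hosts, now, renew_days=30):
    """Summarise name coverage, self-signed status and remaining validity."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc
    )
    days_left = (expires - now).days
    return {
        # Heuristic: subject equal to issuer means browsers will warn.
        "self_signed": cert["subject"] == cert["issuer"],
        "missing": [h for h in hosts if not covers(cert, h)],
        "days_left": days_left,
        "renew_now": days_left <= renew_days,
    }
```

Any name reported under "missing" will produce a browser name-mismatch warning until it is added as an alias and the certificate is reissued.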