I have a Synology DiskStation DS1815+ since a few weeks now and I already got annoyed with Chrome Browser warning me about the self signed SSL certificate. So I installed a free AND valid certificate from StartSSL to get rid of the warning. Here are the steps you need to take (yes, it is a very short howto):
- Go to https://www.startssl.com/ and sign up.
- They use certificates to authenticate you, so you need to install the certificate, when your browser asks you to do so
- Make a backup of that certificate. In Chrome, go to “Extended Settings” and click on “Manage Certificates” in the “HTTPS/SSL” section.
- On the Mac it will open the keychain tool. Select the “login” keychain and the “certificate” category.
- Find the certificate that is named like your eMail address and make sure it has an “www.startssl.com” private key attached to it
- Export the certificate as “.p12” file and save it in a secure place
- Start the “Validation Wizard” and prove that you are the owner of your domain (It sends an eMail with a verification code to the hostmaster eMail address)
- After you have validated the domain, start the “Certificate Wizard”, enter a strong password for the new certificates private key and leave the rest untouched.
- Copy the encrypted key to a local text file, e.g. “mydomain-key.txt”
- After that the certificate is created, but usually you can’t download it immediately
- In the meantime, go to the “Toolbox” menu and click on “Decrypt Private Key”
- Copy the key you saved before and the password into the boxes
- Save the decrypted key in another local text file, e.g. “mydomain-key-decrypted.txt”
- When you receive the eMail that your certificate is ready, click on “Retrieve Certificate” in the toolbox section and save it too. E.g. “mydomain-cert.txt”
- The last step is to download the StartSSL intermediate certificate from “StartCom CA Certificates” also in the toolbox area. The link is called “Class 1 Intermediate Server CA” and the file name should be “sub.class1.server.ca.pem” after you downloaded it.
- Now you can go to your Synology: Control Panel > Connectivity > Security > Certificate and click on “Import certificate”
- Upload the three files (certificate, the decrypted key and the intermediate certificate) and you are done
After logging out, closing the browser window or tab and logging back in, you should see no more SSL warnings.
As of 21 January 2017, This does not work anymore since Apple, Google have banned StartCom / StartSSL authorities. My iPhone running iOS 10.2 cannot connect to my NAS anymore. I have not yet identified a workaround.