I have been working with Synology Disk Station products for SOHO for a long time now. It’s a costly NAS but worth it because of: the combination of high-quality software (DSM) and hardware, and it is friendly for newcomers and professionals alike.
By default, Synology offers access to the NAS UI via HTTPS or HTTP protocol.
While HTTP is the simplest option, HTTPS (if done properly) is much more secure. However, the self-signed certificate, provided by Synology is not good neither in terms of security or user experience (ie: RED alerts in browsers and etc).
In general, in DSM 7 you may issue a certificate by two methods:
- request a free certificate from Let’s Encrypt
- import already existing certificate
The first option is available only in case you exposed your Synology to the public internet which might not be the best idea in terms of security.
In this article, I would like to share an approach on how to secure a connection to the Synology by issuing a valid (!) certificate without exposing NAS to the outer world.