The purpose of this article is to describe the SSL installation process on Synology NAS server and point out the possible issues with it.
Also, the following settings should be done on the server end.
Once the certificate is issued, you will receive an email from the Certificate Authority containing the SSL certificate files. Now you are ready to import the trusted certificate to your Synology server using the steps below.
- Navigate to Synology > Control Panel > Security > Certificate and click on Import Certificate.
- Browse and import the following files for each field:
Private Key - server.key.
Certificate - domain_com.crt (received from the CA .zip file in email).
Intermediate certificate - CA Bundle (.ca-bundle) file from the fulfillment email.
Note: The certificate files can also be downloaded in your Namecheap account.
Note: In this guide we are using PositiveSSL certificate as an example,
the installation will be the same for other SSL types with different CA Bundles.
PositiveSSL RSA Bundle contains:
Sectigo RSA Domain Validation Secure Server CA [ Intermediate ]
USERTrust RSA Certification Authority [ Cross Signed ]
PositiveSSL ECC Bundle contains:
Sectigo ECC Domain Validation Secure Server CA [ Intermediate ]
USERTrust ECC Certification Authority [ Cross Signed ]
- Once the files are browsed, click OK.
Note: Please use the decrypted Private key file, there may be issues during the process if you use the Encrypted one. Presumably, these issues may occur with the outdated versions of Synology server, this is why Synology highly recommends the latest version to be used. By the time the article was written, it was DiskStation Manager 5.1 (DSM 5.1).
Invalid cipher type error
There are a few more possible issues during the installation process, and one of them is Invalid cipher type error.
The error may pop up if the Private key file does not have in header (has -----BEGIN PRIVATE KEY and -----END PRIVATE KEY----- instead of -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----).
Solution: Modify the file in text editor.
Illegal certificate error
The Illegal certificate error may appear when importing the certificate. The reason is typically that the .zip archive is opened in a text editor without unzipping, and there's a text left before -----BEGIN CERTIFICATE----- header in there.
Solution: Unzip the archive and open certificate files one by one with a text editor.
- Synology web server will now restart which should only take a few seconds. Then the Control Panel Certificate page will look like this:
Once the certificate is installed, all should be clear.
Common name mismatch error
Please ensure that a CNAME record was created for the domain and not just a URL redirect from name.synology.me, so the common name of the certificate does not match the domain in the URL. Otherwise, you may get Common name mismatch error in browser if you try to connect to your Synology via https://.
Solution: Create a CNAME for the domain.
Now that the certificate is installed, simply try to access your NAS using your domain/subdomain (e.g. https://yourdomain.com ) - no warnings and a padlock icon in the address bar proves that the connection is now secured by a trusted SSL. You can also test the SSL installation via this online tool.