Jump to content

I 'm trying to get encryption to work with my Synology mobile apps (Drive, Notes, Moments ) but ...

G+_Alex Martinez

By G+_Alex Martinez,
in Know How

 Share

Recommended Posts

G+_Alex Martinez Newbie

G+_Alex Martinez

Posted
Posted

I'm trying to get encryption to work with my Synology mobile apps (Drive, Notes, Moments ) but I'm getting a little confused. On Synology mobile apps it gives the option to "

enable SSL data transmission Encryption" But when I click on it it gives me a message "The SSL certification of the diskstation is not trusted. this may mean that it is a self-signed Certification or someone may be trying to intercept your connection"

 

I have quick connect already set up and i have followed this video (

) from Synology to set up https with Synology.me as a domain name in ddns and setup lets encrypt in certifications settings. Am I doing something wrong? I see there's also where I can do port forwarding in my router but im not sure if i am suppose to go down that route. Also i enabled " automatically redirect http connections to HTTPS yet im getting in my browser " Your connection is not secure The owner has configured their website improperly"

 

I really trying to get this to work hopefully someone can give me some helpful tips

 

Link to comment
Share on other sites
G+_Brent Vrieze Newbie

G+_Brent Vrieze

Posted
Posted

All the info you gave looks like you don't have your certs properly set up. (Was that statement a duh on my part?). I'm not sure how much you know about certs but if you truly did a lets encryp cert then you should be ok. What I see right now makes me think you are using a self signed cert. If you can look at the cert it will tell you who signed it.

Link to comment
Share on other sites
G+_Alex Martinez Newbie

G+_Alex Martinez

Posted
  • Author
Posted

I checked in security and certificate and says it's issued by Let's encrypt authority x3. i didn't know i had to open up port forwarding in my router to have let's encrypted work right but seems like I'll have to do it. i see in "router configuration" tab that it wants to open port 5000 and 80 but can't . i just thought i heard in one of the previous shows father Robert said that he didn't like poking holes into the router and quickconnect solved that.

Is there a way i didn't have to port forwarded maybe use a different certificate?

Link to comment
Share on other sites
G+_kurterst Newbie

G+_kurterst

Posted
Posted

Hi Alex Martinez

First, yes QuickConnect is more secure. It uses 'hole punching' to establish a connection between your DS app and your NAS. It will use the self-signed certificates to encrypt everything as well via SSL/TLS. This whitepaper is a bit old but describes how QuickConnect works. You can also Google network hole punching and get more information.

global.download.synology.com - global.download.synology.com/download/Document/WhitePaper/Synology_QuickConnect_White_Paper.pdf

 

Let's Encrypt will not do this. It has two methods of verifying that you own some domain name.

1. Provision a DNS record

2. Provision an HTTP resource under a well known URI

Let's Encrypt uses the second method on Synology NAS devices. See the URL below for more information.

https://letsencrypt.org/how-it-works/

 

To use the various apps you do not need Let's Encrypt. It sounds like you don't want the invalid certificate notice every time you log into your DSM (Synology).

 

It appears you have successfully received the Let's Encrypt certificate. On your NAS in the control panel under security and then certificate do you see a new certificate with you.synology.me as the domain? Did you then configure that certificate (highlight it and click configure) to be used for the system default service?

 

If so, you should be able to access your NAS using https://you.synology.me:5001. Replace the URL with whatever domain you used for Let's Encrypt. What IP address do you get when you dig that domain? (dig @8.8.8.8 you.synology.ne - or nslookup) It should be your public WAN IP address. To access my Synology NAS device I updated my hosts file and used the private internal IP address (192.168.x.y you.synology.me) and mapped that to your new Let's Encrypt domain. This will keep your traffic internal at home.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...