Enable HTTPS, Generate a CSR, and Install an SSL/TLS Certificate in Synology NAS

This how-to will show you how to enable HTTPS, generate a certificate signing request (CSR), and install an SSL/TLS certificate in Synology NAS (Network Attached Storage), via Synology’s web-based DiskStation Manager (DSM) operating system.

Enable HTTPS

1. Before you generate a CSR, you should enable HTTPS. Begin by signing into DSM with an account in the Administrators group, then launching the Control Panel.
   
2. Navigate to Network > DSM Settings.
   
3. Check Automatically redirect HTTP connections to HTTPS for DSM desktop and Enable HTTP/2, then click the Apply button.
   
4. The web server will restart. You can now connect to your Synology NAS via HTTPS at https://your.domain.name:5001. Note that until you install a certificate signed by a publicly trusted CA (such as SSL.com), you will probably have to navigate browser trust warnings like the one shown below from Google Chrome.
   

Generate CSR

1. Go to Control Panel > Security > Certificate.
   
2. Click the CSR button.
   
3. Select Create certificate signing request (CSR), then click the Next button.
   
4. Enter the information that will be included in your CSR. All of these fields are required by the Synology  Control Panel.
   
   
   • Choose a key length from the Private key drop-down menu.
   • In the Common name field, enter the domain name of your Synology NAS.
   • Enter your email address in the Email field.
   • Choose your country from the Location drop-down menu.
   • Enter your city in the City field.
   • Enter your company or organization’s name in the Organization field.
   • Enter your section or department in the Department field.
   • When you are finished entering information, click the Next button.
   
5. Click the Download button.
   
6. A file named archive.zip will be downloaded to your computer. It contains your new CSR (server.csr) and private key (server.key). Keep these in a secure location.
   
7. When you are ready to order your SSL/TLS certificate from SSL.com, open server.csr in a text editor to cut and paste into your web browser.
   

Install SSL/TLS Certificate

1. When you have received your certificate from SSL.com and are ready to install it, navigate to Control Panel > Security > Certificate.
   
2. Click the Add button.
   
3. Select Add a new certificate, then click the Next button.
   
4. Select Import certificate, check Set as default certificate, then click the Next button.
5. Use the Browse buttons to select the Private Key you downloaded in the previous section (named server.key) and your signed Certificate from SSL.com.
   
6. For the Intermediate certificate, upload an SSL.com CA bundle file. If this file was not included in your certificate download, you can retrieve it from the order in your SSL.com account. The filename should end with .ca-bundle.
   
7. Click the OK button to import the certificate, CA bundle, and private key.