Recommended Posts

I am running dsm 6.2.3.

In one of my android app (ds file) I get a warning of not trusted SSL certificate when I try to log in using httpS. In other apps such as ds get ot ds audio it works fine.

 

Any way to solve it without let's encrypt (90 days renewal downside)?

 

A friend of mine has the same hardware and dsm version with no issues like mine.

Link to post
Share on other sites
2 hours ago, jensmander said:

Self-signed certificates are only accepted without warnings if they are imported in the device‘s trusted certificate storage/pool as root certfication authority. 

How can I solve the problem? I'm sort of a noob. Using the DS File app is not key to me. I can either try to fix the certificate issue or simply stop using that app as long as it doesn't mean any security risk.

 

Would it work to simply renew the certificate? Any issues with that?

Link to post
Share on other sites

There really isn't anything to solve.  The Synology self-signed cert does not exist in your browser, so the error is thrown.  It's informational only, to help protect you from a very unlikely "man-in-the-middle" crypto attack where someone can intercept your data stream on your local network, and respond to you instead of your Synology.   Needless to say, they need access to your LAN where both devices can be monitored.

 

Unless you plan to use the Syno over the Internet (in which case you should get a properly signed cert with a short lifespan, i.e. LetsEncrypt), this is a virtually nil risk.

Link to post
Share on other sites

@Stargate Are you using an ip address or non public domain name in the Address field? If so you'll likely be using a default self signed ssl certificate that synology generated. If that is how you're set up and you just want SSL without the warning, try the setting I mentioned below. If you in fact do want a proper signed ssl certificate for a public host, let me know.

When you look at the DS file (android app) login screen, the bottom left corner has a "settings gear" under that is the "Login Settings" which has an option for "Verify certificate" you can uncheck it to avoid the invalid certificate errors if you don't have a signed ssl certificate.

Edited by shrabok
Link to post
Share on other sites
Posted (edited)

In my lan I use ip address. Over the internet I my ddns domain. I rarely use DS File out of my Lan, so I could stop using Ds File app if necessary in case that solves the problem. About the verification option you mentioned, I'll give it a try.

 

I'm just surprised that my friend, who has got the same hardware and dsm version, has no such ssl issues.

 

Other apps like Ds Get https work fine and I can use https over the internet.

Edited by Stargate
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.