How to generate a CSR code on Synology NAS

  CSR generation instructions

CSR is an encoded text file that contains necessary information about your organization and the domain name that needs to be secured. A CSR code is used for certificate activation.

Prerequisites before SSL implementation:

    An SSL certificate needs to be purchased. You can check the certificates we provide here.

    You need to have a registered domain name since our SSL certificates can only be issued for a fully qualified domain name (FQDN).

DDNS should be set up in order to configure SSL for your NAS. Synology provides a free DDNS service which can be found here.

    After DDNS is set up, it is necessary to create a CNAME record in order to point your registered domain name to your DDNS service.

If all the aforementioned requirements are met, feel free to proceed with CSR generation.

1. Log into your Synology NAS, follow: Control Panel >> Security >> Click on Certificate on the top menu >> CSR.

2. Choose Create certificate signing request (CSR) and click Next.

3. At this point, it is necessary to provide the following information:

Private key length: specify 2048 as it is the standard and minimum possible value. You can find more information on the key size here.

If you need an ECC certificate, you can use this tool to generate a CSR/Private Key pair as it is not possible to generate an ECDSA CSR directly on Synology.

Common Name: indicate the fully qualified domain name/subdomain the certificate needs to be activated for. If you are generating a CSR code for a Wildcard certificate, the following format should be used: * (the asterisk stands for the subdomains that will be covered by the SSL).

Email: provide your email address.

Country: select your country from the drop-down list.

State/Province: specify the full name of your state or region.

City: provide the full name of your city or locality.

Organization: the name of your company. If you do not have a registered company, enter NA.

Department: specify  the company division or department (IT, Sales, etc.). It is possible to use NA here as well.

After all of the fields are filled in, click Next.

4. At the next step, it is necessary to click Download. After clicking on this button, a file with the name will be downloaded on your computer. This file contains server.csr which should be used for SSL activation and server.key which is necessary for SSL installation. These files should be backed up.

Once the CSR code is generated, you can activate the certificate in your account. After the activation and validation steps are completed, you will receive an email from Comodo (now Sectigo) with your SSL certificate attached. Please remember that the SSL certificate needs to be installed on your server in order to have a secure connection.