How to install an SSL certificate on Synology NAS

  SSL Installation instructions

Once the issued SSL certificate is activated, validated and emailed to you, it is necessary to install it on your Synology NAS. Alternatively, the SSL certificate can be downloaded in your account by following this guide.

In order to install the SSL certificate, go to Control Panel and navigate to Security >> Certificate. When in this section, click Add.

In the window that appears, select Add a new certificate and click Next.

In the next window, choose Import certificate.

The Description field is used to differentiate certificates if you have several of them installed. You may leave this field blank.

In addition, check the Set as default certificate box. This feature needs to be enabled in order to access the server securely using your domain name.

At this point, it will be necessary to upload the following files to your Synology NAS:

Private Key – the server.key file, which is located in the archive on your computer. This archive was downloaded to your desktop after CSR code generation.

Certificate – the example_com.crt file located in the archive which was emailed to you after SSL issuance.

Intermediate certificate – the .ca-bundle file which can be found in the same archive emailed to you once the certificate is issued. You can also download the intermediate certificates (CA bundle) for your SSL type here.

After all the fields are filled in, click OK.

Possible errors:

There are several issues that may occur when uploading the certificate to your Synology NAS.

1. Illegal private key

This error message pops up if the wrong Private Key is being uploaded. Private Key is the server.key file which is located in the file you downloaded after generating the CSR code for the certificate.

Resolution: Use the server.key file generated along with the CSR. If the file was lost or deleted, you can reissue your SSL certificate using a new CSR code.

NB: All other error messages look practically the same excluding the actual name of the error.

2. Invalid cipher type

This error may occur if the Private Key’s header and footer do not include “RSA”. Thus, they look like -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- instead of -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.

Resolution: Edit your Private Key in any text editor by adding “RSA” to the header and the footer.

3. Illegal certificate

This error may arise if the archive with the SSL certificate was opened via a text editor and uploaded without unzipping it first. Thus, there is some unnecessary text left before the -----BEGIN CERTIFICATE----- header.

Resolution: Unzip the archive you received after SSL issuance and open the certificate file using any text editor.
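A pre-upload check for the file problems described under Possible errors, added here as an example (it is not part of the original guide and is not Synology's code). It flags an archive that was never unzipped, text before the BEGIN line, and a key header without "RSA", and it also reads the first DER elements of the key to report whether the body is PKCS#1 or PKCS#8, so a header edited by hand can be compared with what the file actually contains. The function names and the sample blocks are assumptions made for this example; the samples are constructed placeholder bytes, not real keys.

```python
import base64, binascii, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def key_body_format(der: bytes) -> str:
    """Classify a DER private key by the element after the version INTEGER:
    INTEGER (modulus) means PKCS#1 RSA, SEQUENCE (algorithm id) means PKCS#8."""
    if len(der) < 2 or der[0] != 0x30:          # must start with a SEQUENCE
        return "not-der"
    i = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)   # skip the length octets
    if der[i:i + 2] != b"\x02\x01":             # one-byte version INTEGER
        return "unknown"
    return {b"\x02": "pkcs1", b"\x30": "pkcs8"}.get(der[i + 3:i + 4], "unknown")

def preflight(data: bytes, kind: str) -> list:
    """Check a file before upload; kind is 'key' or 'cert'. Empty list = no findings."""
    if data[:4] == b"PK\x03\x04":               # zip magic: archive was never unpacked
        return ["zip archive, unzip first"]
    text = data.decode("ascii", "replace")
    m = PEM_RE.search(text)
    if not m:
        return ["no PEM block"]
    findings = []
    if text[:m.start()].strip():                # the "Illegal certificate" case
        findings.append("text before BEGIN line")
    label, body = m.group(1), m.group(2)
    if kind == "cert":
        if label != "CERTIFICATE":
            findings.append("not a certificate: " + label)
        return findings
    if label == "PRIVATE KEY":                  # the "Invalid cipher type" case
        findings.append("header lacks RSA")
    elif label != "RSA PRIVATE KEY":
        findings.append("not an RSA private key: " + label)
    try:
        der = base64.b64decode("".join(body.split()))
    except (binascii.Error, ValueError):
        der = b""
    if label == "RSA PRIVATE KEY" and key_body_format(der) != "pkcs1":
        findings.append("RSA header but body is " + key_body_format(der))
    return findings

def sample_pem(label: str, der: bytes) -> bytes:
    """Build a constructed sample PEM block (placeholder bytes, not a real key)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n".encode()

PKCS1_SAMPLE = bytes.fromhex("3006020100020101")    # constructed: SEQ{INT 0, INT 1}
PKCS8_SAMPLE = bytes.fromhex("300702010030000400")  # constructed: SEQ{INT 0, SEQ{}, OCTET STRING}
```

To check real files, pass their bytes, for example `preflight(open("server.key", "rb").read(), "key")`.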

Once the SSL certificate, Private Key and Intermediate certificate are uploaded successfully, your Synology NAS will restart automatically.
After this, the Security section of your Control Panel should look like this:

The SSL certificate is now installed correctly, and you can access your NAS using your domain name. If there are no warning alerts and the green padlock or the Secure sign is seen next to the URL, the connection to your server is now secured. You can always check the correctness of SSL installation using this tool.

It is also possible to force a secure connection when connecting to your server. In order to do this, navigate to Control Panel >> Network >> DSM Settings and check the Automatically redirect HTTP connections to HTTPS box (Web Station and Photo Station excluded). Once the box is checked, press Apply.

After the server is restarted, only the HTTPS protocol will be available for authentication.
