Assign a certificate to my NAS that is not on the same network as my domain


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:


I ran this command:
N/A
It produced this output:
N/A
My web server is (include version):
Ipage
The operating system my web server runs on is (include version):
Apache
My hosting provider, if applicable, is:
IPage
I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t Know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have a NAS at my Office but the network there does not have a Domain. It’s a workgroup. I have a domain and a website that is hosted by IPage but I am trying to see if I can get a certificate for my NAS that is not on the same network as my domain.


#2

Hi @TrentPerez

if the NAS doesn’t have an own domain name, you can’t create a certificate. You can create a self signed certificate and use that. Is it required that you need a public trusted certificate?

Perhaps you can create a subdomain and a dns entry subdomain -> your NAS.

But if that Office network is only private, that may not work.


#3

I have installed the certificate from my website to my NAS but it doesn’t seem to be functioning normally. When I login to my NAS it does not show as secure according to my browser. But, the certificate seemed to install successfully.


#4

If you can’t connect to the NAS with that domain, what’s the point of have a cert for that domain installed there?


#5

What’s the domain name of your NAS? Or the ip address? It’s possible to check your NAS only having an ip address.


#6

I can connect with the IP address of 107.2.114.154 But I get the unsafe site error message from my browser. but when I use the imodrive.synology.me connection I do not get the error message. I just get my DSM page.


#7

That’s normal. Your certificate doesn’t have the ip address as domain name -> your certificate is invalid, if you use your ip address.

That looks ~~ ok.

But: You have ipv4- and ipv6 addresses (via https://check-your-website.server-daten.de/?q=imodrive.synology.me ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
imodrive.synology.me A 107.2.114.154 yes 1 0
AAAA 2603:3016:1203:6f00::1e6b yes
www.imodrive.synology.me A 107.2.114.154 yes 1 0
AAAA 2603:3016:1203:6f00::1e6b yes

Your ipv4 works, your ipv6 has a timeout:

Domainname Http-Status redirect Sec. G
http://imodrive.synology.me/
107.2.114.154 302 http://imodrive.synology.me:5010/ 0.347 D
http://www.imodrive.synology.me/
107.2.114.154 302 http://www.imodrive.synology.me:5010/ 0.313 D
http://imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.030 T
Timeout - The operation has timed out
http://www.imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.027 T
Timeout - The operation has timed out
http://imodrive.synology.me:5010/ -14 10.027 T
Timeout - The operation has timed out
http://www.imodrive.synology.me:5010/ -14 10.027 T
Timeout - The operation has timed out
https://imodrive.synology.me/
107.2.114.154 -14 10.027 T
Timeout - The operation has timed out
https://imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.030 T
Timeout - The operation has timed out
https://www.imodrive.synology.me/
107.2.114.154 -14 10.027 T
Timeout - The operation has timed out
https://www.imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.026 T
Timeout - The operation has timed out

And you have a redirect to port 5010.

So you have to install your certificate there.

There I see only a timeout, so it’s impossible to check that.

Are there other users of that NAT? With mobile devices? If yes, fix the ipv6 problem.


#8

Okay you just went beyond me. I had my router forwarding ports 5000 - 5011 to my NAS device. I am not sure how to “install your certificate there.” I changed my router port forwarding to only forward ports 5000 - 5009 (Not sure that will help though)


#9

You have a redirect http -> port 5010. So if you open only 5000 - 5009, that doesn’t help.

I don’t see if port 5010 has a correct certificate. Perhaps you have already installed it. But I don’t see something -> timeout.


#10

My Synology NAS only allows me to install my certificate, not assign it to specificate ports (Unless I missed something in the setup instructions.) But my Certificate did not show any errors whjen I installed it with the files I recieved from my hosting provider. (IPage) But the connection still shows unsecure errors in my browser. I don’t understand what I am doing wring.


#11

Then you should use the standard ports with your NAS.

Is that a DSM? If yes, you have the wrong port: 5001 is standard.

https://www.synology.com/en-us/knowledgebase/DSM/help/DSM/AdminCenter/connection_network_dsmsetting

Now port 80 / 443 is open, both have redirects to port 5011 ( https://check-your-website.server-daten.de/?q=imodrive.synology.me ):

Domainname Http-Status redirect Sec. G
http://imodrive.synology.me/
107.2.114.154 302 http://imodrive.synology.me:5010/ 0.406 D
http://www.imodrive.synology.me/
107.2.114.154 302 http://www.imodrive.synology.me:5010/ 0.300 D
http://imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.027 T
Timeout - The operation has timed out
http://www.imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.026 T
Timeout - The operation has timed out
http://imodrive.synology.me:5010/ -14 10.027 T
Timeout - The operation has timed out
http://www.imodrive.synology.me:5010/ -14 10.027 T
Timeout - The operation has timed out
https://imodrive.synology.me/
107.2.114.154 302 https://imodrive.synology.me:5011/ 1.443 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.imodrive.synology.me/
107.2.114.154 302 https://www.imodrive.synology.me:5011/ 1.440 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.026 T
Timeout - The operation has timed out
https://www.imodrive.synology.me/
2603:3016:1203:6f00::1e6b -14 10.244 T
Timeout - The operation has timed out
https://imodrive.synology.me:5011/ -14 10.026 T
Timeout - The operation has timed out
https://www.imodrive.synology.me:5011/ -14 10.027 T
Timeout - The operation has timed out

There is a self signed certificate:

CN=synology.com, O=Synology Inc., L=Taipei, C=TW
	21.04.2018
	05.01.2038
expires in 6865 days