Assign a certificate to my NAS that is not on the same network as my domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
N/A
It produced this output:
N/A
My web server is (include version):
Ipage
The operating system my web server runs on is (include version):
Apache
My hosting provider, if applicable, is:
IPage
I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t Know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have a NAS at my Office but the network there does not have a Domain. It’s a workgroup. I have a domain and a website that is hosted by IPage but I am trying to see if I can get a certificate for my NAS that is not on the same network as my domain.

Hi @TrentPerez

if the NAS doesn't have an own domain name, you can't create a certificate. You can create a self signed certificate and use that. Is it required that you need a public trusted certificate?

Perhaps you can create a subdomain and a dns entry subdomain -> your NAS.

But if that Office network is only private, that may not work.

I have installed the certificate from my website to my NAS but it doesn’t seem to be functioning normally. When I login to my NAS it does not show as secure according to my browser. But, the certificate seemed to install successfully.

If you can’t connect to the NAS with that domain, what’s the point of have a cert for that domain installed there?

What's the domain name of your NAS? Or the ip address? It's possible to check your NAS only having an ip address.

I can connect with the IP address of 107.2.114.154 But I get the unsafe site error message from my browser. but when I use the imodrive.synology.me connection I do not get the error message. I just get my DSM page.

That's normal. Your certificate doesn't have the ip address as domain name -> your certificate is invalid, if you use your ip address.

That looks ~~ ok.

But: You have ipv4- and ipv6 addresses (via https://check-your-website.server-daten.de/?q=imodrive.synology.me ):

Your ipv4 works, your ipv6 has a timeout:

And you have a redirect to port 5010.

So you have to install your certificate there.

There I see only a timeout, so it's impossible to check that.

Are there other users of that NAT? With mobile devices? If yes, fix the ipv6 problem.

Okay you just went beyond me. I had my router forwarding ports 5000 - 5011 to my NAS device. I am not sure how to “install your certificate there.” I changed my router port forwarding to only forward ports 5000 - 5009 (Not sure that will help though)

You have a redirect http -> port 5010. So if you open only 5000 - 5009, that doesn't help.

I don't see if port 5010 has a correct certificate. Perhaps you have already installed it. But I don't see something -> timeout.

My Synology NAS only allows me to install my certificate, not assign it to specificate ports (Unless I missed something in the setup instructions.) But my Certificate did not show any errors whjen I installed it with the files I recieved from my hosting provider. (IPage) But the connection still shows unsecure errors in my browser. I don’t understand what I am doing wring.

Then you should use the standard ports with your NAS.

Is that a DSM? If yes, you have the wrong port: 5001 is standard.

Now port 80 / 443 is open, both have redirects to port 5011 ( https://check-your-website.server-daten.de/?q=imodrive.synology.me ):

There is a self signed certificate:

CN=synology.com, O=Synology Inc., L=Taipei, C=TW
	21.04.2018
	05.01.2038
expires in 6865 days

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.