Knowledge Base

How to secure your connection to Synology NAS with HTTPS connection (DSM 4)

Overview

This article will guide you on how to secure your connection to Synology NAS through the use of HTTPS to ensure without the possibility of information security being compromised.

What is HTTPS?
HyperText Transfer Protocol Secure (HTTPS) connection keeps sensitive information sent across the Internet encrypted so that only the intended recipient can understand it.

Contents

  1. How HTTPS works
  2. Before you start
  3. Enable secure file transferring on DiskStation
  4. Import private key and digital certificate

1. How HTTPS works

The use of HTTPS is to allow secure connection over the Internet. This provides high level of protection against eavesdroppers or man-in-the-middle attacks; under the condition that server certificate is verified.

Web browsers know how to properly detect and trust server certificates and connections to HTTPS websites. Valid certificates provided from certificate authorities will gain the web browser's trust when connecting to website with HTTPS connection.

You can identify whether the connection is encrypted in the address bar of the web browser. If the connection is encrypted with HTTPS, you will see the lock icon on the address bar.

Return to top

2. Before you start

This article assumes that you have done the following tasks for your DiskStation:

  • Hardware installation for Synology DiskStation.
  • Software installation for Synology DiskStation Manager (DSM, web-based operating system of DiskStation).
  • Creating volumes and shared folders (See here).
  • Creating DSM local users (See here).
  • Setup Port-Forwarding on your router.
  • Apply for a domain name for your DiskStation.

Refer to Quick Installation Guide for more information about hardware and software installation. You can also see Synology DiskStation User's Guide (available at Synology's Download Center) for a general idea about topics related to this article.

Return to top

3. Enable secure file transferring on DiskStation

By default, you can access to your DiskStation through port 5000, which is a non-secured HTTP connection without encryption. However, without encryption, your data could be inspected by others when using public Wi-Fi hotspot. Therefore, it is recommended to use secured HTTPS connection to access your DiskStation over the Internet.

This section explains how to enable HTTPS connection for a DiskStation.

    To enable HTTPS connection for a DiskStation:

  1. Log in to DSM as an administrator, which could be an administrator (admin or a user belonging to the administrators group) or a domain administrator.
  2. Note 1: If you want to log in as a domain administrator, enter Domain_Name\Username in the username field.
  3. Go to Main Menu > Control Panel > DSM Settings, click the HTTP Service tab, select Enable HTTPS connection, and then click OK.
  4. If you would like to automatically redirect all HTTP connection to HTTPS as the only choice of connection, please select Automatically redirect HTTP connections to HTTPS, and then click OK.

    To access HTTPS connection for a DiskStation:

  5. Using the supported Web Browser, please direct to https://domain name:5001, where domain name is your registered domain name for access to your DiskStation.
    Note 2: You must enter the port access number along with https in order to access HTTPS connection. 5001 is the default port access for HTTPS connection, please change this accordingly if your default port number has been modified.

    Note 3: If you have selected Automatically redirect HTTP connections to HTTPS under DSM Settings, then it is not necessary to add HTTPS and the default port number as it will redirect automatically.

Return to top

4. Import private key and digital certificate

Once you have enabled HTTPS connection and have all the configuration ready, you should be able to establish secure connection to your DiskStation. However, the following warning may appear on screen and blocks you from connecting directly to DSM. This is because the web browser requires a 3rd party certificate to verify that the server you are trying to connect is truly yours, not a fraud that cheat to get your password.



Note 1: DiskStation supports Internet Explorer, Safari, Mozilla Firefox, and Google Chrome Web Browser. The above warning message is produced from Mozilla Firefox and varies with different web browser.

Note 2: You may bypass the above warning by adding this domain as a security exception, then you can still log into DSM as usual. The data is still encrypted regardless of the warning message.

You can take the warning message away by getting a certificate from a 3rd party provider. To get one, you must have a registered domain name already. Then use the domain to apply a certificate from one of the certificate authorities such as StartSSL, a company providing free Class 1 certificate (Class 1 are for individuals).

Figure: Go to StartSSL and get a certificate

Private key and digital certificate are used to validate HTTPS-based websites and assure that all communication is secure and guarantees that the website is genuine. If you obtained the private key and digital certificate from a 3rd party certificate authority, you may import this into DSM.

To import private key and digital certificate for a DiskStation:

  1. Go to Main Menu > Control Panel > DSM Settings, click the HTTP Service tab, and then click on Import Certificate.
  2. When an Import Certificate window appears, please click on Browse to locate your private key and digital certificate. Click OK to complete this import and your domain is now verified as a safe and trusted connection.
  3. Note 3: For the decrypted private key that you obtained from the certification authority or from using the ToolBox tab in StartSSL website, please save it onto your computer. Please do not lose it, or next time when you upgrade your DiskStation, you cannot set it up again.

    Note 4: The certificate issued by your certification authority (e.g. StartSSL) is the last step in the application process.

Return to top

Is this information useful for you? Yes No

Need technical support? Submit Support Form