3

I have a Synology NAS that creates a self signed certificate for SSL access.

I'm using the latest Chrome on Windows 7.

Upon visiting the NAS's landing page, Chrome presents a red warning to say that "Server's certificate is not trusted". This is what I did to try to resolve it to no avail:

  1. Click on the lock
  2. Click on Certificate Information
  3. Click Details tab
  4. Click Copy to file... which saves the certificate locally. (I tried this with all the export option presented here - X.509, #PK7)
  5. Double clicked on the file then click Install Certificate
  6. Ensured that it is installed in the "Trusted Root Certification Authority" section
  7. Type "certmgr.msc" in Start menu to confirm that the certificate has been installed correctly
  8. Restarted Chrome
  9. Visit NAS landing page... Low and behold, same bloody thing.
  10. Go to Chrome settings > Advanced settings > Manage Certificates, to find that the certificate is not listed or recognised by chrome, even though it is stored correctly by windows.
  11. Tried importing to chrome using the import button in the Chrome settings. Still no luck.

Can anyone confirm that this is normal behaviour? If not, please advise how this can be solved?

Improve this question
6
  • Is the certificate valid? I mean: is the name on the subject of the certificate the same as the name you enter on your browsers (i.e. CN=mynas,OU=synology and you enter https://mynas/)?. Is the certificate current or has it expired? Has it sufficient strength (browsers will complain with MD2/MD5 and during next year will stop allowing SHA-1 altogether)?
    – NuTTyX
    Commented Oct 23, 2014 at 12:19
  • Thanks for you comment. Yes I've checked that the CN is the same as the address bar. Chrome used to complain about that, but now it just says "not trusted" when I look at the red lock. It is current.
    – user3804927
    Commented Oct 23, 2014 at 12:47
  • Does it work with other Browsers e.g Internet Explorer or FireFox? If not you may choose a different location to import the certificate and not the "Trusted Root Certification Authority". Also sometimes Windows has his problems when you import certificates not using admin rights. Try starting chrome as a admin.
    – Ivan Viktorovic
    Commented Oct 23, 2014 at 13:49
  • Does it say NET::ERR_CERT_AUTHORITY_INVALID? Chrome on windows use the system's ssl settings and I have succesfully used a self-signed cert as trusted on IE. Try importing it via IE: click on the lock and press Install certificate..., next, select trusted root certification authority, next, finish.
    – NuTTyX
    Commented Oct 23, 2014 at 14:08
  • It does not work with Internet Explorer either. I went to Internet Options > Content > Certificates. I can't see the certificate there. Same as with chrome. But I've installed it!! I don't understand why it won't appear. And I've tried running as Admin as well.
    – user3804927
    Commented Oct 24, 2014 at 2:29

2 Answers 2

Reset to default
4

Thanks to all the comments so far. After some tweaking around I stumbled upon this which was very helpful to me: http://forum.synology.com/enu/viewtopic.php?f=145&t=77919

The NAS actually creates 2 types of certificates, one for the website, and one for the root authority.

It first tries to identify the website's certificate. Upon inspection it sees that the certificate has been issued by a particular Certification Authority. You can't simply install the website's certifcate. You need to actually install the CA's certificate generated by the NAS.

Upon doing this I closed Chrome using the X button. That didn't work. I did this a couple more times, and then I used the chrome "Exit" menu. This worked! So lesson learned... X does not necessarily restart Chrome.

This is now resolved!

Improve this answer
0

Just a few words hoping it could help someone else

I just got it working. Synology NAS, DSM 6, self signed cert and a green padlock in chrome. Win 10, Chrome and everything I can think about updated as of today may 19.

What I did this time around (I've been trying getting this to work before with no luck) was the following.

  1. Generated a new cert in DSM. Be sure to enter "XXXXXX.synology.me" (or whatever DDNS you're using) as common name for the Cert - not the root cert. )Root cert common name can be 'NAS' or something)

  2. When finished, Syno web server restarted. Then I exported the certificate, extracted the files on my desktop and, with crome still up...

  3. windows key + r, type mmc, add-in cert snap in. Here I cleared all my previous attempts at getting this to work.

  4. Imported "syno-ca-cert.pem" into trusted root auth. Imported "cert.pem", first into 'auto select depending on type' and again for good meassure into trusted root auth, although this is probably of no real use.

  5. tabbed back to the chrome window and hit my bookmark for 'XXXXXX.synology.me' and got the lovely green padlock

  6. went here and wrote about it

I hope this can help someone else /hug

Improve this answer
1
  • Are you the same person who asked the question or what?
    – Julie Pelletier
    Commented May 28, 2016 at 5:07

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .