I see a "Not Secure" warning when connecting to my Synology device via HTTPS. What can I do?

I see a "Not Secure" warning when connecting to my Synology device via HTTPS. What can I do?

Symptoms

You have encountered a warning message "ERR_CERT_COMMON_NAME_INVALID" showing that the website is not secured when connecting to a Synology device via a browser using the HTTPS protocol.
1.png

Diagnosis

The web browser requires a third-party certificate to verify the identity of your Synology device. "Not Secure" warning may appear on a browser and Synology mobile applications for the following reasons:1

Notes:

  1. Some anti-virus software and web browsers reject all insecure connections. If you cannot connect to your Synology device, temporarily disable the anti-virus software on your computer or conduct a cross-browser test.
  2. Certificates are bound to domain names instead of IP addresses, so the "Not Secure" warning will still appear if you connect via an IP address.
  3. Certificates only guarantee secure connections with a specific domain (e.g., example.synology.me), not including connections via QuickConnect ID on Synology mobile applications.

Resolution

Obtain a certificate for your Synology device

Choose either of the methods below:

  1. From Let's Encrypt.
  2. From another certificate authority.

Once you have obtained and imported a certificate into your Synology device, please connect to your Synology device using the certified domain name.

Apply a certificate to the services

If services do not correspond to the right certificate, a secure connection will fail to be established. Check the service settings via the following steps:

  1. Go to DSM Control Panel > Security > Certificate.
  2. Click on Settings (For DSM 7.0 and above) or select the domain with a registered certificate and click Configure (For DSM 6.2 and earlier).
  3. In the pop-up window, under Configure (For DSM 7.0 and above), make sure you have selected the right certificate for each service. Refer to the following examples:
    • If you have registered a certificate for the domain "example.synology.me", you must select "example.synology.me" for the System default service to establish a secure DSM connection.
    • If your domain is "example.com" and you have created a virtual host "shop.example.com" to run the website, find the "shop.example.com" service from the list and select "example.com" for it.

Apply a subdomain to your certificate

  • Make sure you have registered a wildcard certificate for your domain name when connecting to a subdomain.
  • If you choose to get a certificate from Let's Encrypt, enter the subdomain in the Subject Alternative Name field during certificate creation.
    • For example, if you have a domain "example.com" and need to connect to its subdomain "www.example.com", enter "www.example.com" in the Subject Alternative Name field.
Symptoms
Diagnosis
Resolution
Obtain a certificate for your Synology device
Apply a certificate to the services
Apply a subdomain to your certificate
Further reading