I see a "Not Secure" warning when connecting to my Synology device via HTTPS. What can I do?
I see a "Not Secure" warning when connecting to my Synology device via HTTPS. What can I do?
Symptoms
You have encountered a warning message "ERR_CERT_COMMON_NAME_INVALID" showing that the website is not secured when connecting to a Synology device via a browser using the HTTPS protocol.
Diagnosis
The web browser requires a third-party certificate to verify the identity of your Synology device. "Not Secure" warning may appear on a browser and Synology mobile applications for the following reasons:1
- You are connecting to your Synology device via its IP address.2
- Your Synology device doesn't have a trusted certificate.
- A subdomain doesn't apply to your certificate.
- You are connecting to a Synology device via QuickConnect ID on Synology mobile applications.3
Notes:
- Some anti-virus software and web browsers reject all insecure connections. If you cannot connect to your Synology device, temporarily disable the anti-virus software on your computer or conduct a cross-browser test.
- Certificates are bound to domain names instead of IP addresses, so the "Not Secure" warning will still appear if you connect via an IP address.
- Certificates only guarantee secure connections with a specific domain (e.g., example.synology.me), not including connections via QuickConnect ID on Synology mobile applications.
Resolution
Obtain a certificate for your Synology device
Choose either of the methods below:
- From Let's Encrypt.
- From another certificate authority.
Once you have obtained and imported a certificate into your Synology device, please connect to your Synology device using the certified domain name.
Apply a certificate to the services
If services do not correspond to the right certificate, a secure connection will fail to be established. Check the service settings via the following steps:
- Go to DSM Control Panel > Security > Certificate.
- Click on Settings (For DSM 7.0 and above) or select the domain with a registered certificate and click Configure (For DSM 6.2 and earlier).
- In the pop-up window, under Configure (For DSM 7.0 and above), make sure you have selected the right certificate for each service. Refer to the following examples:
- If you have registered a certificate for the domain "example.synology.me", you must select "example.synology.me" for the System default service to establish a secure DSM connection.
- If your domain is "example.com" and you have created a virtual host "shop.example.com" to run the website, find the "shop.example.com" service from the list and select "example.com" for it.
Apply a subdomain to your certificate
- Make sure you have registered a wildcard certificate for your domain name when connecting to a subdomain.
- If you choose to get a certificate from Let's Encrypt, enter the subdomain in the Subject Alternative Name field during certificate creation.
- For example, if you have a domain "example.com" and need to connect to its subdomain "www.example.com", enter "www.example.com" in the Subject Alternative Name field.