I see a "Not Secure" warning when connecting to my Synology device via HTTPS
Go to: https://www.ady.com
Your connection is not private
Attackers might be trying to steal your information from www.ady.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
To get Chrome’s highest level of security, turn on enhanced protection
Hello,
Greetings!
Thank you for contacting Synology Support.
While connecting to https://ady.com/ I did not see "Not secure" Warning.
Please follow the steps mentioned in the below document and let me know if it helps.
Could you please recheck and let me know if you see this error again?
Also, please follow the below document to narrow down this issue and let me know the results.
https://kb.synology.com/en-uk/DSM/tutorial/force_HTTPS_for_DSM
Please let me know the results to proceed further.
Regard,
Sharafat| Support Engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
Thank you for the quick reply.
I asked few people to look at the https://www.ady.com
All of them reported the warning, although your computer did not.
That may point out to a different security settings on your computer, which I can do as well, to prevent the warning from coming in and allow me to see exactly of what you see. But most people use default settings.
So I will send you all the screenshots from other people on other devices so you could see that they get the warning and it is not my imagination.
Since there is a limit to add few pictures, I have no choice but to reply multiple times to get you the pictures.
Thank you,
Ady
This is from a different person on a different phone
This is on my iMac using Safari
This is from my iMac using Chrome
This is from my Window 7 PC
This article deals with ports 5000 and 5001 not the web ports 80 and 443
https://kb.synology.com/en-uk/DSM/tutorial/force_HTTPS_for_DSM
Can you please explain how the article is related to my issue?
Thank you.
Here is from a different person with Firefox on Linux computer.
I don't want to bother you too much, but only you do not have the problem.
This is Chrome on Linux computer
Hello
Greetings
The short answer is: This is normal and expected, and you can just ignore the message and proceed anyway without any worries.
The much longer answer:
Seeing a Not secure warning in your web browser when you connect to your NAS via the local IP address of your NAS is normal and expected.
All web sites you go to require certificates when you connect over HTTPS (HTTP Secure).
Certificates can only be applied to domain names. They cannot be applied to IP addresses.
Whenever you access a website and the website has a certificate for a domain name that doesn't match the address that you used to get to that website, then your browser will give you that warning.
For example if the certificate is made for the address Diskstation.com but you are accessing the NAS via the address 192.168.1.10:5001, then the certificate name doesn't match the address you're using and so your connection cannot be verified as secure.
More details about this, and how to resolve this can be found here:
Those instructions will go over setting up a Synology DDNS that you can assign a certificate to. However, I want to make it clear that this might not be necessary, nor the best course of action for you.
A secure HTTPS connection is intended to protect you for over the internet connections to make your connection private.
However, if you are on a your home network connecting to your NAS via the local IP address, then for all intense and purposes you already have a private connection by virtue of the fact that you're on a private network. So going through the trouble of setting up a "secure" connection may not be worth your time since it wouldn't really accomplish much of anything except to rid yourself of those "not secure" errors.
In addition if you have no intention of every wanting to connect to your NAS over the internet, then you might not even want to setup a DDNS to get that "secure" connection. This is because the processes of doing this, requires that your NAS then be made available over the internet. So in an effort to be rid of your "Not secure" message in your browser, you might actually be making yourself needlessly less secure than before.
Lastly, if you did make your NAS accessible over the internet, and configure a DDNS with a certificate to make it secure, then there's still no guarantee that this will make any difference. You would have to connect to your NAS with that DDNS from a local computer, and this would only be possible if your network router supports NAT loopbacking. You would have to consult your Router manufacturer to find out if your router supports this.
You may be better off just enabled QuickConnect if you want remote access to your NAS, and then just keep using your local IP connection to access your NAS regardless of what your browser claims.
If you had questions about this, please let me know.
Regards,
Danish|support engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
Your short answer does not apply to the problem. All the screenshots are from people not trusting my website. They are in different cities and states.
Can you explain to me how to notify random people to go ahead with a site which is reporting to them that it may steal their personal information?
That is why the internet has certificates to begin with. So https sites do not give warning that the site is a scam of fishing site. That is why Synology has certificats when it is hosting public websites.
Do you disagree about the fact that certificates are part of Internet security and should work correctly?
You long answer is about me connecting to a local server. That was never a concern, since I do not have an issue with that.
Use your personal phone and go to https://www.ady.com
If you did not work for synology and did not know me personally, once you get the warning that the site mat steal your personal information, what would you do?
Thank you,
Ady
Thank you for the update
I understand that you have an issue when connecting to your Synology NAS shows the connection is not private or not secure.
The web browser requires a third-party certificate to verify the identity of your Synology device. "Not Secure" warning may appear on a browser and Synology mobile applications for the following reasons:
Example screenshot below:
You can follow the steps provided in this article: https://kb.synology.com/en-us/DSM/tutorial/Why_did_I_see_a_not_secure_warning_in_the_browser_when_connecting_to_my_Synology_product
Please note that you should have already registered a domain, such as example.com. If not, you can obtain one via either of the following methods:
Should you have further questions about this, please let us know.
Regards,
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
I followed the instructions 2 weeks ago, the same one that you sent me the article of. If you read what you sent me to do to make the site secure for the public, I needed to:
Obtain a certificate for your Synology device
Choose either of the methods below:
From Let's Encrypt.
That solution, which is what synology advise their customers to do, does not make the site secure as it should.
So I used "Let's Encript" installed it and the expiration is January of 2024
So please do not resend me this article, since I already did what it told me to do, and it does not work, for some reason.
This is the article.
https://kb.synology.com/en-us/DSM/tutorial/Why_did_I_see_a_not_secure_warning_in_the_browser_when_connecting_to_my_Synology_product
By the way, this bouncing between multiple tech support people will take weeks to resolv, as it did in all of my prior tickets, until finally we did a screen sharing with level 1 tech support who did understand what the issue was and resolved it. It was not simple as the instructions told us to do, so he tried many other ways, and got it to work eventually.
Thank you,
Ady
Hello,
Thanks for update
I understand you are looking for information on how to access the NAS securely. When it comes to accessing DSM internally, there is not really a way to access it internally while making it show secure. However, if you are using the internal IP address, it may show as not secure but this can be ignored as there is no way for brute force to attack the NAS using your internal IP address.
As far as accessing the NAS externally, I would recommend creating a DDNS and Let's Encrypt Certificate on the NAS which will help you be secure when you are accessing the NAS from outside of the network. In order to create the DDNS, you can log into DSM and go to Control Panel > External Access > DDNS > Add and follow the wizard to create a DDNS of your choosing, as long as it's not being used by anyone else, which it will tell you if it is. For the Service Provider, you will select Synology, and then fill out the information from there. Going through the setup process you will be asked if you want to create a certificate for it. You will select this, so it will create it and automatically configure it to work. The following links will give you some more information on these services along with setting them up.
https://kb.synology.com/en-us/DSM/help/DSM/AdminCenter/connection_ddns?version=6
https://kb.synology.com/en-us/DSM/help/DSM/AdminCenter/connection_certificate?version=6
Once this is all set up, you will need to port forward (open) on your router port # 5000 (HTTP/TCP) and/or 5001 (HTTPS/TCP) to utilize remote access (DDNS). If you don't know how to configure port forwarding then you will need to locate your router manual for port forwarding instructions specific to the make/model of your router. You can use the links below to test whether or not the needed ports are open.
Port Tester: http://www.yougetsignal.com/tools/open-ports/
Synology Ports: https://kb.synology.com/en-us/DSM/tutorial/What_network_ports_are_used_by_Synology_services
Once all of this is done, you will be able to connect to the NAS by putting in https://yourDDNS.synology.me:5001 and you should be able to connect.
Please let me know if you have any other questions or concerns
Sincerely,
Danish|support engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
I am not looking how to access the NAS securely, as you said above.
As I said few times on this ticket, I configured the certificate correctly, per Synology instructions, and the site still returns a warning that it is unsafe to access from browsers anywhere in the world.
Thank you,
Ady
Hello
Thanks for update
It looks like you have not set up the certificate properly , please follow the below link for certificate set up
Sincerely,
Danish|support engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
Can you be specific of what was not set up correctly, since I followed the instruction a month ago and when it did not work, I opened the ticket. Obviously you, as a synology expert, can tell what I did wrong and advise me which settings are incorrect.
Thank you
Hello
"May I please have access to your NAS for remote inspection,i will send instructions for them in separate reply
Regards
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
To enable remote access to your device, please follow the steps below:
Things you should know about remote access to your device:
We understand your concerns for providing us the key data of your device. Synology support teams are committed to safeguarding and respecting your data security and privacy. It is our policy to ensure that none of your personal files are ever copied or transferred to our servers. For more information, refer to our Synology Account Terms of Service and Privacy Statement.
Submitted
Hello,
I created the additional admin user, sent a key and made sure that 2FA is not active.
Thank you,
Ady
Hello,
Thank you for providing remote access.
Upon checking, it appears that there is no DDNS hostname added to your NAS. I would recommend clicking on the 'add' option to include a DDNS hostname. Try accessing the NAS using that hostname and verify if the 'Not Secure' warning persists.
Please let us know if you have any other questions.
Regards,
Manzoor | Support Engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
I don't want to access the NAS remotely. I want my hosted website to work with https://
Can you please explain why DDNS is important while I have an external IP 75.82.185.54 which I know and it is for the NAS which is obvious, since my websites work.
Lookup ady.com and you will get the same IP, so the DDNS solution, is it somehow even related to my problem? If so please explain how that will solve websites which are accesses with https://....
Please go to http://www.ady.com and it works
Then go to https://www.ady.com and it does not work. Please don't tell me that from your network at Synology it works. It does not work for 5 of my friend in different states, and screenshot were provided.
I assume that if I did what you told me, that will solve the https:// problem. Is that correct?
Thank you,
Ady
Hello,
Greetings,
I have escalated this issue to the escalation team, please keep the remote access open.
You will expect a delay in response, I will keep you updated on the ticket and if I need anything else I will let you know .
Regards,
Manzoor | Support Engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
Sorry to inform you but you did not fix the problem. I don't think that you even understand what the problem is, therefore you did not verify yourself if you fix it or not.
It is my understanding, based on a phone call with Synology tech support, that the team in Taiwan will now handle this ticket.
Thank you,
Ady
Hello,
This is Castalino I will be assisting you with this case.
As you can see I can access the site via both.
http://ady.com gives not secure as expected:
https://ady.com gives secure as expected:
If you want HTTP to redirect to HTTPS, then they need to enable HSTS for the website:
If this is not what's expected I would like you to further provide a brief clarification on this.
Also, I would like you to copy and paste the full URL.
Regards,
Castalino | Support Engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
I am assuming that this ticket was escalated to headquartered in Taiwan, as per my phone conversation with tech support early this week.
If you are NOT part of the escalated team, please do not answer this ticked, as you are going to mark this thicket as answered, creating more problems than helping this situation.
If you are indeed a person from Taiwan, which should take over this ticket, please verify that:
https://www.ady.com (that is the full URL) does not show that the site is not secure.
You need to do that NOT only your Synology office computer, which is on the Synology network, but with random connections, such as your cell phone, your home, and other random people.
Not doing that you will not experience the issue that Synology has, which does not provide a connection to a certificate as it should.
It has been since 10/23/2023 and no solution was provided by
1. Sharafat Mir
2. Danish Bhat
3. Manzoor Ahamad
Thank you,
Ady
Hello
I appreciate your patience . I have received the reply from our escalation team, and I am hopeful that the changes they implemented are effective. I also conduct test to ensure that everything is indeed functioning as expected now.
Regards
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
Here is what I see.
Hello,
This is what I see on my "Windows" computer
This is on iPhone using Verizon
Hello
Thanks for the update
It appears that the issue still persists, i will inform this to our escalation team Once we receive an update from the escalation team, i will give you update at that time
Regards
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Please be aware that our support may experience delays during the Thanksgiving holiday. Support will be limited on 11/23 & 11/24 during the holiday and will return to normal support operations promptly thereafter. We appreciate your understanding.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello
Could you kindly share new details about the problem you're having so that we can better understand what's going on?
Regards
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
This is the problem, that people in the world see.
I can send you more screen shots from friend in Los Angeles, Israel, from every cell phone, every computer, anywhere. Go home and test it.
DO NOT USE YOUR COMPUTER AT WORK. YOUR SECURITY IS SET UP NOT TO DETECT THE PROBLEM.
Thank you.
Hello
Greetings
The certificate is working as expected as it is currently set up for ady.com which means that the end users will have to use: https://ady.com and not https://www.ady.com as this will result in the insecure warning. You can refer to the image below :
Regards
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
That is incorrect. The certificate was set up for both.
Regards
Also,
It appears to be that you changed something, and now this does not work. You probable sent all requests for http to https. Is that correct?
Thank you.
Hello,
Thanks for your reply. To confirm we have not changed any settings on the device as when we reviewed https://ady.com was working as expected. I did check https://www.ady.com
Both sites seem to be working at this point in time albiet https://www.ady.com is still showing as insecure. I also tried to review settings by doing a remote session but it does appear to be invalid. I'd like to request that you re-enable the remote connect as I would like to check your certificates and review how they are configured. I will send out the remote request just incase you need the instructions to do so.
Thank you,
Nelson | Support Engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
review certificates
To enable remote access to your device, please follow the steps below:
Things you should know about remote access to your device:
We understand your concerns for providing us the key data of your device. Synology support teams are committed to safeguarding and respecting your data security and privacy. It is our policy to ensure that none of your personal files are ever copied or transferred to our servers. For more information, refer to our Synology Account Terms of Service and Privacy Statement.
Submitted
Hello,
https://www.ady.com does not work.
1. From my verizon phone.
2. Imac using Safari
Thank you.
Picture #2
Hello
We sincerely apologize for the ongoing issue you're experiencing, and we truly empathize with the frustration it has caused. In order to provide you with the necessary assistance, our previous representative, Nelson, had requested remote access. We are eagerly awaiting the provision of this access. Please send it at your earliest convenience so that we can proceed with the resolution process.
Sincerely,
Danish|support engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus
Hello,
I have provided the access but i will do it again since it was never received.
Thank you,
Ady
Hello,
It is not possible to do it the second time. That is how your system is set up.
Please see a screenshot that it was submitted.
You can also use this code if you like.
7MXXuMfV0uf-IyWZXyEHvcW-A1GM6cuOzMT-TQaL4mnJBs
The screenshot will confirm that it was submitted and how the server is set up.
Thank you,
Ady
Image #2
Image #3
Hello,
www.ady.com does not work because the certificate is not setup for www.ady.com. It is only setup for ady.com.
The subject alternative name [1] you emphasize does not matter.
What matters is the what the certificate is for [2], and currently the certificate is only for ady.com
If you go into the certificate's settings, you'll see that you've configured the certificate for ady.com as well.
The list of services is in alphabetical order, so if you scroll down you'll see that there is no www.ady.com service even list to select [3].
There is no www.ady.com service listed to select because one was never made. If you look at the web service portals, there is only one for ady.com. There was never one made for www.ady.com.
Until you correct all of that, you will continue to see not-secure when you connect to the www.ady.com website.
If you have questions about that, please let me know.
Regards,
Scott | Senior Support Engineer
_______________________________________________________________
Please log in to your Synology Account to respond to this message.
Video Tutorials | DSM Help & Knowledge Base | RAID Calculator | Download Center | Blog | Community Forums
Sent by Synology Technical Support from Synology MailPlus