Synology: Enabling HTTPS Everywhere

To conclude my series of posts on Synology I would like to cover another important aspect of securing your data: HTTPS. In this post, I will show a variety of different locations for which you can enable HTTPS connections. Read on to learn more!

Before You Begin

If you plan to leverage HTTPS then you need to ensure the SSL certificate configured on DSM is correct. Ideally this certificate would be properly signed, but whether it is or not it is important to check that the certificate is valid and nothing has changed from a security perspective. For example, I have had my 713+ for a couple of years now and you can see the certificate is signed using the SHA1 algorithm, which will soon no longer be supported. Even if I plan to stay with a self-signed certificate I really need to upgrade the certificate, which will change it to a better algorithm.

DSM Settings

In terms of enabling HTTPS, the most common place to start is with DSM itself. Now in my environment I do not expose DSM on the Internet so enabling HTTPS is not that critical for me, but if you do expose DSM to the Internet then I highly encourage recommended this option. Note unless you enabled the automatic redirection checkbox HTTP will still be allowed for authentication — I highly encourage enabling redirection. One final note is that you will see redirection does not work with Web and Photo station — more on this in a minute.

Web Services

Another place in which HTTPS can be enabled is under Web Services. If you are or plan to either host a website or enable Cloud Station you will need Web Services. Both websites and Cloud Station support HTTPS connections, but such functionality needs to be enabled under Web Services.

Photo Station

As mentioned earlier, enabling HTTPS under DSM Settings does not work for Web or Photo station. These two applications require enabling HTTPS directly within them. For example, on Photo Station you to select the checkbox under the Other Settings section of the General Settings page.

© 2015, Steve Flanders. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top