Certificate

A certificate can be used to secure SSL services of the DiskStation, such as web (all HTTPS services), mail, or FTP. Having a certificate allows users to validate the identity of a server and the administrator before sending any confidential information.

At Control Panel > Security > Certificate, you can do the following:

Note:

Certificates from Let's Encrypt

To get certificates from Let's Encrypt:

You can get free and secure SSL/TLS certificates automatically from Let's Encrypt, an open and well-trusted certificate authority.

  1. Click Add.
  2. Select Add a new certificate and click Next.
  3. Select Get a certificate from Let's Encrypt.
  4. Enter the following information:
  5. Click Apply to save the settings. Once confirmed, the certificate will be instantly imported into your DiskStation.

Note:

Self-signed Certificates

A self-signed certificate refers to a certificate that is created and signed by the same entity whose identity it certifies (in this case, the DiskStation). Self-signed certificates are signed with the private key generated by the DiskStation. Because self-signed certificates are not issued by third-party certificate authorities, they provide less proof of the identity of the server and are usually only used to secure channels between the server and a group of known users.

To create self-signed certificates:

  1. Click Add.
  2. Select Add a new certificate and click Next.
  3. Select Create self-signed certificate.
  4. Follow the instructions of the setup wizard.

Certificate Signing Requests (CSR)

In addition to certificates issued from Let's Encrypt and self-signed certificates, you can also apply for certificates from other commercial or third-party certificate authorities. To get a certificate, you may need to do the following:

To create certificate signing requests:

  1. Click CSR.
  2. Select Create certificate signing request (CSR).
  3. Follow the instructions of the setup wizard to create and download the certificate signing request.
  4. Send the CSR and required information to the certificate authority for confirmation.

When you receive the requested certificate issued by the certificate authority, you can import it along with your private key.

Note:

A private key should also be generated along with the certificate signing request. Certificate authorities do not need this private key. Please keep the private key for your DiskStation safe and secure.
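Before importing a certificate returned by a certificate authority, it is worth confirming that it carries the public key of the private key created with the CSR. The following added example (not part of the original help page) does this with the OpenSSL command line on an administrator's workstation. The file names, the `nas.example.test` name and the helper functions are assumptions, and the key, CSR and certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that a private key, its CSR and the issued certificate
# all carry the same public key before the pair is imported.

# Print the public key (PEM) held in a private key, a CSR or a certificate.
pubkey_pem() {   # usage: pubkey_pem key|csr|cert FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Return 0 if both files carry the same public key, 1 if they differ,
# 2 if either file is missing or cannot be parsed.
same_key() {     # usage: same_key KIND1 FILE1 KIND2 FILE2
    a=$(pubkey_pem "$1" "$2") || return 2
    b=$(pubkey_pem "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample material standing in for the wizard's key and CSR and
# for the CA's reply (self-signed here so the example runs offline).
make_samples() { # usage: make_samples DIR
    (
        umask 077   # private keys are created readable by the owner only
        openssl req -newkey rsa:2048 -nodes -subj "/CN=nas.example.test" \
            -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
        openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
            -days 1 -out "$1/server.crt" 2>/dev/null
        # An unrelated key, to show what a mismatched pair looks like.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1/other.key" 2>/dev/null
    )
}

d=$(mktemp -d) && make_samples "$d"
same_key key "$d/server.key" csr  "$d/server.csr" && echo "CSR matches private key"
same_key key "$d/server.key" cert "$d/server.crt" && echo "certificate matches private key"
same_key key "$d/other.key"  cert "$d/server.crt" || echo "mismatch: do not import this pair"
rm -rf "$d"
```

Only the CSR ever needs to leave the machine; the comparison uses public keys, so it can be run without exposing the private key to anyone else.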

To sign certificate signing requests:

Users of other devices may send certificate signing requests to gain certified access to your DiskStation. You can sign their requests using the root certificate of the DiskStation, and send the generated certificates to the applicants.

  1. Click CSR.
  2. Click Sign certificate signing request (CSR).
  3. Upload the certificate signing request and enter relevant information.
  4. Click Next, and the system will sign the certificate request and create a corresponding certificate.

Certificate Management

To import certificates:

You can import a previously exported certificate or a certificate from a commercial or third-party certificate authority, along with a private key, to have your DiskStation trusted by other devices.

  1. Click Add.
  2. Select Add a new certificate and Import certificate.
  3. Follow the wizard's instructions to finish importing the certificate.

Note:

To export certificates:

Existing certificates can be downloaded for management or archival purposes, and they can also be imported into other users' devices to establish trust between your DiskStation and their devices. The exported file contains the certificate, private key, and self-signed root certificate of the DiskStation.

  1. Select the desired certificate.
  2. Click Export certificate.

To renew certificates:

When your certificate is about to expire, it can be renewed using this option.

  1. Click CSR.
  2. Select Renew certificate and click Next.
  3. Download the generated private key and certificate signing request.
  4. Send the CSR to the desired certificate authority for a renewed certificate.

To replace certificates:

If you do not want to use existing certificates, you can replace them with other certificates.

  1. Click Add.
  2. Select Replace an existing certificate, then choose the unwanted certificate from the drop-down menu.
  3. Follow the wizard's instructions to finish replacing the certificate.

To edit certificates:

You can edit a certificate's description or set another certificate as the default certificate.

  1. Select the desired certificate.
  2. Click Edit and you can do either action below:

To configure certificates:

You can assign a different certificate to a service to suit your needs.

  1. Click Configure to show all the services and the corresponding certificates.
  2. Click the current certificate of the targeted service.
  3. Select the proper certificate from the drop-down menu.
  4. Click OK.

Note:

To delete certificates:

  1. Select the unwanted certificate.
  2. Click Delete to finish deleting the certificate.

Note:

To repair certificates:

When there are errors with a certificate, the services registered with that certificate will be inaccessible. Choose from the following options to repair the certificate: