Create articles from any YouTube video or use our API to get YouTube transcriptions
Start for freeUnderstanding the 'Not Secure' Warning on Your Synology NAS
When you secure your Synology NAS by following an online tutorial, you might encounter a concerning warning stating that your connection is not private or secure. This alarming message, designed to caution users, indicates a potential risk to your personal and financial information. However, when self-hosting a Synology NAS or similar devices, this warning, although scary at first, is generally not a cause for panic. It's crucial to differentiate between this message on self-hosted systems and on external websites, where it should be taken seriously.
The Role of SSL Certificates
The root cause of the 'Not Secure' warning lies in SSL (Secure Sockets Layer) certificates. These digital certificates are essential for encrypting web traffic, ensuring that only the intended recipient can read the data. The warning appears because browsers do not trust the SSL certificate used by your self-hosted Synology NAS. This mistrust stems from the absence of a certificate issued by a recognized root certificate authority (CA).
Why Browsers Trust Certain SSL Certificates
When you visit a secure website, like a bank, your browser checks three key aspects of the site's SSL certificate:
-
Issuance by a trusted root CA: Only a few companies have the authority to issue trusted certificates. Browsers and operating systems include these CAs' public keys, enabling them to validate certificates issued by them.
-
Certificate validity: The certificate must cover the specific domain you're visiting and must not have expired.
-
Domain match: The certificate must be issued for the exact domain in your browser's address bar.
If a website's SSL certificate meets these criteria, the browser trusts the connection. Otherwise, it displays the 'Not Secure' warning.
Why Your Synology NAS's Certificate Triggers Warnings
Your Synology NAS generates its own SSL certificate to encrypt traffic. However, since it's not issued by a recognized root CA and likely doesn't match the domain you're accessing (especially if using local addresses like .local), browsers display the warning. Despite this, the connection remains encrypted and secure within the context of self-hosting.
How to Address the 'Not Secure' Warning
-
Understanding QuickConnect: Synology's QuickConnect service can bypass the issue by providing a domain that matches a properly signed SSL certificate, eliminating browser warnings.
-
Using Let's Encrypt: For those wanting to use their domain, Let's Encrypt offers free SSL certificates. You'll need to ensure your domain points to your NAS and can handle the automated certificate renewal process Let's Encrypt provides.
-
Becoming Your Own CA: A more complex solution involves creating your certificate authority. This approach is not recommended for most users due to its complexity and the need to manually trust the CA on all devices.
Best Practices for Secure Connections
-
For home use: It's often acceptable to proceed with the self-signed certificate, especially if the NAS is only accessed internally.
-
For external sharing: If you need to share files or services hosted on your NAS with clients or external users, obtaining a certificate from Let's Encrypt or using QuickConnect is advisable to ensure trustworthiness.
-
Stay informed: Browser and security practices evolve, so staying informed about changes in SSL/TLS standards and browser security warnings is crucial.
In conclusion, the 'Not Secure' warning on your Synology NAS can be concerning, but understanding the underlying reasons and available solutions can help you secure your NAS effectively. Whether you choose to use QuickConnect, Let's Encrypt, or another method, ensuring your NAS's connections are encrypted and trusted is key to maintaining security and privacy.
For more detailed information, check out the original video: Synology NAS Security Explained.
