StartSSL SSL Certificate on Synology NAS using subdomain

This will explain how to generate and install SSL certificates on your Synology NAS to get rid of the pesky SSL certificate errors. I’ll be explaining specifically how to generate and install from StartSSL, who gives out free SSL certificates.

First, you will need to own or control a domain name, and have a subdomain set up and CNAME pointed to your Synology NAS’s IP address. You can find a walkthrough on how to set that up by reading this article. If you are having trouble with certificate domain mismatches, make sure you have read this article first: Synology DiskStation on a subdomain with dynamic IP address.

Once that’s set up, head over to StartSSL and follow the steps outlined below to validate a domain name and generate an SSL certificate.

Validate a domain name

Select the Validations Wizard and choose type Domain Name Validation


Enter the domain name you wish to validate, and continue. You are validating only the base domain name.


Select an email address to which the validation code will be mailed to, and then continue.


Enter the validation code you received via email, and continue.


Generating your SSL certificate

After verifying your domain ownership, you can now generate the SSL certificate.

Select Certificates Wizard and choose Web Server SSL/TLS certificate, as in the image below.


Generate a private key by inputting a password of at least 10 characters, choosing your key length, and selecting SHA1.

On the next screen, you will be given your generated, encrypted, private key with instructions to save it to a file called ssl.key, and what to do with it. For now, just create a new text file on your desktop, call it “encrypted_ssl_key” (or whatever), and hang on to it for later. I’ll explain what to do with it in a few more steps.


Next, you’ll be prompted to add a verified domain to your SSL cert. Choose the previously validated base domain.


Next, you’ll be prompted to enter a subdomain to add to the certificate. This is where you enter your NAS’s subdomain. For example, if your root domain is, and your NAS is accessible via, enter myds.

The ready processing certificate screen will show next, and should include both your base domain name and the subdomain, like this following image.


The following screen will appear, and prompt you to save the certificate, as well as the intermediate certificates, which you will need for the Synology NAS. Save the certificate in a file called ssl.crt as instructed. Hold on to both it, and the two downloaded intermediate certificates for the following steps.


Decrypt the private key

One more step before we install the certs onto the NAS box. Head over to the StartSSL toolbox and click on Decrypt Private Key.


In the top box, paste the saved encrypted private key that you generated and named “encrypted_ssl_key” (or whatever). In the Passphrase box, enter the 10-character-or-so password that you set on it, and click decrypt. Save the decrypted key to a file called ssl.key.

Installing the SSL certs

Now we’re ready to install the SSL certs onto the Synology NAS. Log in as admin and head to Control Panel > Web Services. Click the HTTP Service tab and click Import Certificate.

For each of the following select the corresponding files

Private Key: Your decrypted ssl.key file

Certificate: Your ssl.crt file

Intermediate certificate: The intermediate certificate you downloaded.

(If you forgot to download the intermediate certificates, you can get them again by following this link.)

Click ok, and you should see Restarting Web Server, like so


Assuming all went well, you should be able to go to the subdomain and see a good SSL certificate lock icon, like so in Chrome


Questions, comments, or otherwise, please feel free to share them in the comments below. Thank you!


, , , ,