Generate Signed SSL Certificates with Lets Encrypt and Synology NAS | 4K TUTORIAL

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right hello everybody this is gonna be tutorial on to how to get a properly signed SSL certificate from let's encrypt and stop getting these messages every time you try to join your HTTPS Synology website so often when Synology users first start using certificates they get the error that this certificate is self signed and might be using a man-in-the-middle attack to hijack your website when in fact it's really just self signed because you are not a company Synology has just gotten you a certificate they have not validated it they have self signed it this means that this certificate does what it is intended to do it had it allows for encryption to occur on in the end but it could also be spoofed basically somebody could have a man-in-the-middle attack and say oh actually we're going to use this certificate which I already know the public and the private key to that way they would be able to de encrypt all of your data just like the website is able to that you're hitting so most websites will now give you a big error and actually on Safari you have to enter your password to enter a site with a self-signed certificate this is because in 99% of cases for most general users it would probably be somebody who is performing a man-in-the-middle attack stealing data however we are the 1% who are hosting our own website and want to use HTTPS so here's how you get rid of those messages this continuation of my first video about how to set up a D DNS server for your Synology DSM so that you can access it anywhere in the world with a secure connection alright so first off we're just going to go into control panel it's actually really straightforward if you've already created a D DNS server alright so as we can see here I've got the D DNS host name space Rex technology dot me but if I would go to that it would be an unencrypted certificate which we don't want to have so once you've got this set up we're just going to go into home security and go to your certificates and right now you can see I've got two but both of these are default self-signed certificates which is not what we want so we're going to add a new one and it will even allow us to replace one and this is the one I'm replacing I want to replace the certificate for space Rex Dotson ology adopt me which is what I use to externally get into my Nass well the virtual machine that's running on mine asks for tutorials so that I've got some anonymity so we're going to click replace any existing certificate and go on so this is where Synology is great because they make things so simple to do I would recommend giving it a description and then choose get a certificate from let's encrypt let's encrypt is a free service that generates real ssl certificates so that you can host websites and use the SSL protocol without costing you any money so this is where you've got to enter your domain name which is whatever the person on the outside is going to be entering to get to your website and here you've got to have a valid email and I don't have any alternative names and now we're just going to go ahead and click apply it's going to take a minute because right now it's actually communicating back to let's encrypt so that they agree that space Rex Synology me is in fact assigned to me and that this is a valid certificate it's basically all using massive massive massive prime numbers and multiplied together and that's actually how 90% of encryption works is basically just a process that's really easy to go one way or back the other way if you know both the keys but nearly impossible to do if you don't know the keys and now it's going to go ahead and restart our web server and so as you can see here we've actually gotten the air this connection is not private that is because the certificate that we use was not for 192.168.1.1 23 it instead was for space Rex Dotson ology now that mean and boom there we go and as you can see here we have a secure certificate that means that anybody who logs in here will be able to log in without having to go through the very sketchy process of saying yes I trust this unsigned certificate so a couple of things that could have happened along the way that I've actually had problems with previously did you so first off let's encrypt sometimes requires you to have the ports 80 and 443 open this is how it validates them another thing that I found that I actually had problems with was my web surfer was actually having a problem by taking over this port I've yet to find a way to go around using port 80 for this so this could be an issue and you might have to go through a different certificate program if you're trying to a web host and use let's encrypt but for the vast majority of people you can just use DSM and have a encrypted connection all the time all right and that's it thanks for watching go ahead and subscribe I guess man have a good day bye you

Info

Channel: SpaceRex

Views: 66,563

Rating: undefined out of 5

Keywords: Lets Encrypt Tutorial, Self Signed Error, Signed SSL Certificate, SSL Certificate Tutorial, Synology NAS Tutorial, Encryption tutorial

Id: AqakuZfPuQo

Channel Id: undefined

Length: 6min 17sec (377 seconds)

Published: Sun Mar 01 2020