Keep OpenVPN Running On Your Synology NAS By Renewing Your Certificate

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

if you run an openvpn server on your synology nas and specifically if you followed my video on setting up openvpn you'll likely be using the self-signed certificate provided by synology if so you'll want to pay attention to when the certificate expires and make sure to renew or reset the certificate prior to the expiration date if you don't you'll get this error message when your clients connect to your openvpn server which is an indication that the certificate has already expired i don't have a synology nas running dsm-7 that has an expired self-signed certificate but i do have access to a synology nas running dsm-6 that does to view the expired certificate you'll need to go to control panel select security then certificate here we see that the synology certificate indicates that it has expired and if i were to connect to the open vpn server running on the synology nas the client connection would fail with the error message that was displayed earlier if you are still running dsm-6 along with openvpn you'll need to create a new self-signed certificate to replace the expired one to do this click on add then select replace an existing certificate which will be the expired synology certificate then click next here i'll select create self-signed certificate then click next again from this create root certificate window i'll enter in information about my setup and you should do the same because this is a self-signed certificate the information entered doesn't need to be formal or actual company information and is mainly needed to proceed through this setup i'll click next after filling in the required information enter in a common name on this create certificate window and click apply now the certificate will be created and the web server will be restarted once dsm is back up if i bring up the certificate once again we can see that the new self-signed certificate replaced the expired synology certificate and is valid for one year at this point i would need to export the openvpn configuration file once again make the changes that are required for my setup and update my openvpn clients with the new configuration which i'll go over in a little more detail when i cover dsm 7 later in the video also refer to my openvpn video where i covered client setup in detail which you'll find linked in the description below for dsm 7 the self-signed certificate used by openvpn is again located under control panel security and certificate here we see that the certificate hasn't expired yet but it is late april 2022 when i'm recording this video so in a little over a month the certificate will expire so it is a perfect time for me to renew the certificate at this point though i'm able to connect to the openvpn server just fine as you can see here from the openvpn connect app from my macbook also i can confirm the validity of my openvpn configuration file and the self-signed certificate it uses by changing to this directory here and issuing this openssl command on the openvpn config file listed in the directory here we see the same expiration date we saw earlier in dsm i'll switch back to dsm and now i'll renew or reset the certificate to create a new self-signed certificate here under certificate i'll click on settings then advanced and what we want to do is reset the certificate which kind of sounds scary from the description where it says it'll delete all other certificates from dsm in my experience though a certificate reset doesn't touch any of the other valid certificates and deletes only other expired certificates i'll go ahead and click on reset select yes on this warning message window and after the web server finishes restarting we'll be back to the certificate window and we can see that the self-signed certificate has been updated and has an expiration date one year from the date that i ran through these steps now if i try to connect to the openvpn server the connection fails because the certificate that openvpn uses is no longer valid at this point i'll need to download and set up a new openvpn configuration file and set up my macbook once again back in dsm i'll go to the main menu and select vpn server next i'll switch over to openvpn and click on export configuration which will download the openvpn archive that i'll extract off screen i'll then edit the vpnconfig.ovpn file to my specific setup again please refer to my previous video on openvpn for the specifics on editing this file once i'm done with editing i'll create a new profile in openvpn connect and drag in the file i just edited i'll update the profile name enter in the username and password for the openvpn connection then click add now i'll toggle on the new openvpn profile and if everything was set up properly i'll once again be able to connect to the openvpn server running on my synology nas we could also run the openssl command that we ran earlier on the new configuration file to confirm that we are using the new self-signed certificate which it looks like we are lastly i'll disconnect from the openvpn connection and delete the old openvpn profile that uses the expired and obsolete self-signed certificate for completeness i hope this video on renewing or resetting a self-signed certificate on your synology nas that is used by openvpn was helpful and if it was make sure to give this video a thumbs up also consider subscribing to this channel and make sure to check out some of my other videos listed here on screen lastly consider supporting my work by checking out the support this channel section in the description below thanks so much for watching

Info

Channel: Digital Aloha

Views: 6,143

Rating: undefined out of 5

Keywords: synology nas openvpn certificate renewal, openvpn, synology, synology nas, vpn, openvpn server, certificate, vpn server, synology tutorial, openvpn certificate, openvpn tutorial, openvpn server configuration, openvpn server setup, openssl 1416f086, error 1416f086

Id: XF4kDc87l9Y

Channel Id: undefined

Length: 6min 39sec (399 seconds)

Published: Thu Apr 28 2022