A certificate can be used to secure SSL services of the DiskStation, such as web (all HTTPS services), mail, or FTP. Having a certificate allows users to validate the identity of a server and the administrator before sending any confidential information.
The Certificate tab (located at Control Panel > Security > Certificate) provides options to manage and view the status of DiskStation certificates, allowing you to create, import/export, or renew certificates. The certificate setup wizard helps create self-signed certificates or download certificate signing requests (CSR) for registration with certificate authorities (CA).
The certificate set here will automatically be used by OpenVPN Server if VPN Server is installed.
A self-signed certificate refers to a certificate that was created and signed by the same entity whose identity it certifies (in this case, the DiskStation). Self-signed certificates are signed with the private key generated by the DiskStation. Because self-signed certificates are not issued by third-party certificate authorities, they provide less proof of the identity of the server and are usually only used to secure channels between the server and a group of known users.
Creating a self-signed certificate will replace the existing certificate of the DiskStation.
In order to apply for a certificate from a third-party certificate authority, you must first create a certificate signing request (CSR). A certificate signing request is an encrypted body of text generated by the DiskStation containing information that will be included in your certificate such as your domain name, organization name, general location, and email address. The setup wizard can help you generate certificate signing request in order to apply for a signed certificate for the DiskStation.
To acquire a certificate from a commercial or third-party certificate authority, you will need to provide your personal or organization's identification, and prove you are the owner of the domain name that was entered in the common name field of the certificate signing request.
A private key shall also be generated along with the certificate signing request. Certificate authorities do not need this private key. Please keep the private key for your DiskStation safe and secret.
Once your certificate has been issued by the certificate authority, it can be imported along with your private key (see below for instructions).
Existing certificates can be downloaded for management or archival purposes. The exported file contains the certificate, private key, and self-signed root certificate of the DiskStation.
This option allows you to import certificates issued from certificate authorities or previously exported certificates, together with a private key.
When your certificate is about to expire, it can be renewed using this option.
This option allows you to sign a certificate signing request using the root certificate of the DiskStation.