jwy wrote: After enabling HTTPS Connections (Control Panel -> Network -> DSM Settings), I learned that the web service fails.
I think this is where a little elaboration will help me understand what is happening to y'all. Your web service should not fail because you have enabled HTTPS connections.
vicw wrote: I can't tell how effective it is, or whether data is being encrypted or not, but I can live with it for now.
One thing is for sure, these SSL certificates don't have anything to do with actually encrypting the information. If you are successfully connecting using the https:// protocol, the information is encrypted. Even if your browser doesn't like the certificate and gives you errors and the red X on the https, the data is still encrypted.
I'm a little confused what the problem is for you; even when I was having cert issues, I was still able to connect to the DSM with a red X. If y'all care to elaborate a little, maybe I can begin to understand.
vicw wrote: For the life of me, I don't understand why Synology puts this burden on its users. We should be able to just import the composite .PFX Certificate file that StartSSL generates, as we are able to do on our PC browsers. There is no reason why we are doing all of this manipulation of date encryption. We should never have to deal with the internals of that file.
I believe this is more standard procedure for verifying servers connected to the internet, rather than a Synology thing. If there were a way to simply load up the certificate, it would bypass the domain validation procedure mentioned here:
"The commercial CAs that issue the bulk of certificates that clients trust for email servers and public HTTPS servers typically use a technique called 'domain validation' to authenticate the recipient of the certificate. Domain validation involves sending an email containing an authentication token or link, to an email address that is known to be administratively responsible for the domain. This could be the technical contact email address listed in the domain's WHOIS entry, or an administrative email like postmaster@ or root@ the domain. The theory behind domain validation is that only the legitimate owner of a domain would be able to read emails sent to these administrative addresses."
but getting it to actually work, that's an undertaking for sure. Even with everything installed properly, there seem to be days when I get the red X anyway.
Let me know if my limited knowledge is of any use!