With DSM version 4.2-3202 certificate management has been added:

Certificate Management

Certificate management allows you to create a self-signed certificate or a certificate request, or import certificates to DSM for encrypted services, such as web (HTTPS), FTP, RADIUS server, and mail services. You can view info regarding your server certificate, including expiration date, issuer, and subject (common name) in Control Panel > DSM Settings.

Obviously VPN services are not supported, so I describe the easy configuration for the HTTP web service only; if anybody knows how to reuse these certificates for the VPN service, please let me know.

Creating a self signed certificate is easy and not command line driven.



Add your Subject Alternative Names (SAN) when needed, finally export certificates and keys:




The following files are exported:




Login to your Synology NAS and find the following files:

-r——– 1 root root 1679 Jun 4 17:27 /usr/syno/etc/ssl/ssl.key/ca.key
-r——– 1 root root 1679 Jun 4 18:28 /usr/syno/etc/ssl/ssl.key/server.key
-r——– 1 root root 1452 Jun 4 17:27 /usr/syno/etc/ssl/ssl.crt/ca.crt
-r——– 1 root root 1476 Jun 4 17:28 /usr/syno/etc/ssl/ssl.crt/server.crt