Securing Synology Diskstation Traffic

Hi,
I'd like to understand SSL certificates and web browser security, specifically when using Synology DiskStation Manager. While QuickConnect has https enabled, it appears that traffic won't be encrypted throughout all points of the interwebs through ultimately reaching the DiskStation destination because Synology has some sort of proxy in between. It sounds like the same logic would apply when using their iPhone apps too. That would be nice to confirm here.
Anyway, I obtained a certificate from GoDaddy to apply to a DDNS, i.e. mydiskstation.synology.me, account, but I discovered that I cannot install the certificate because I do not own the synology.me domain. I can set it up with that certificate if I have a domain; and I do. This requires port forwarding 5001 on the router, but then I began to look at simply creating a self-signed certificate. Sounds like this is fine, but there's the potential, albeit very unlikely, of a man-in-the-middle attack if they somehow hijacked your DNS and pointed it to another Synology. I dunno, I don't understand the great appeal of third-party certificates now, knowing that the likelihood of that happening is very small. Also, maybe the self-signed certificate isn't up to Chrome standards like the article below mentions. Any thoughts on all this?


Chrome doesn't like certain certificates
http://googleonlinesecurity.blogspot.sg/2014/09/gradually-sunsetting-sha-1.html
snoopaloop Asked:

gheist Commented:
Once you save the self-signed certificate on a client, nobody can sneak in between.
0
snoopaloop Author Commented:
I understand that part.  Can you answer the questions regarding Synology?
0
gheist Commented:
Very hard to tell given the vague description you provided.
Probably there is some place you can import your key and certificate in the web UI. That may or may not be shared with the WebDAV server.
0
snoopaloop Author Commented:
Let me repeat more directly. Please refer to the original question I posted for in-depth thoughts or inquiries.

Does connecting to any phone application using Quickconnect have the same security issues as using the web browser https://quickconnect.ect 

Is it worth purchasing the certificate when you can simply create your own? The only difference is there's no GoDaddy verifying the cert.

Is the self-signed Synology certificate up to Chrome standards? Chrome tends to blast warnings all the time for SSL that is not up to snuff.
0
gheist Commented:
Yes, all SSL connections are the same.

While it is just people you know, you can tell them to accept the self-signed certificate.
When it is more, create the company's CA and import it into all relevant devices/PCs.

Chrome insists on SHA-2, Firefox does not negotiate lower SSL versions than the highest advertised. It is all up to Synology's SSL implementation if they pass the tests.
Chrome will ask to accept the self-signed cert and pin it to your site IF it is SHA2 2048 bits (e.g. you need to accept it every time if your SSL server is Java 5 and supports only SHA1 and MD5).
Firefox will refuse to connect if your SSL site misadvertises a high SSL protocol version but does not support it (e.g. RHEL5 is broken).
0
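An added example, not part of the thread and not Synology's code: a client-side check for the two points in the answer above, comparing a server certificate against the copy saved earlier and reading which hash its signature uses. The function names and the tiny DER skeleton used as sample input are constructed for illustration.

```python
import hashlib
import hmac

# Certificate signature-algorithm OIDs mapped to the hash they use.
SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_hash(cert_der):
    """Hash named by the certificate's outer signatureAlgorithm field."""
    _, start, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, start)      # step over tbsCertificate
    _, alg_start, _ = read_tlv(cert_der, tbs_end)  # signatureAlgorithm SEQUENCE
    tag, lo, hi = read_tlv(cert_der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    arcs, val = [cert_der[lo] // 40, cert_der[lo] % 40], 0
    for b in cert_der[lo + 1:hi]:                  # base-128 arcs, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    oid = ".".join(map(str, arcs))
    return SIG_OIDS.get(oid, oid)

def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()

def check_pinned(cert_der, saved_fingerprint):
    """Compare against the fingerprint saved on first contact, then grade the hash."""
    if not hmac.compare_digest(fingerprint(cert_der), saved_fingerprint.lower()):
        return "MISMATCH"   # a different certificate is answering: do not proceed
    return "WEAK-SIGNATURE" if signature_hash(cert_der) in ("md5", "sha1") else "OK"

def constructed_cert(alg_byte):
    """Constructed sample: DER skeleton with a certificate's outer layout, not a real cert."""
    alg = bytes.fromhex("300d06092a864886f70d0101") + bytes([alg_byte]) + b"\x05\x00"
    body = bytes.fromhex("3003020102") + alg + bytes.fromhex("030200ff")
    return bytes([0x30, len(body)]) + body
```

Against a live DiskStation the DER bytes would come from `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 5001)))`, with the fingerprint recorded once over a connection you trust.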

snoopaloop Author Commented:
I got this one answered...

    Does connecting to any phone application using Quickconnect have the same security issues as using the web browser https://quickconnect.ect 

*** Yes.  You can connect directly to your WAN IP to avoid issues.
0