Synology replacing user certificates with their own revoked one

Looks like Synology devices are replacing valid certificates installed by users with their own revoked 'synology.com' one after each reboot.

If you have HSTS enabled, the only way to access the NAS is to disable checks which puts you at risk of MITM attacks.

9 points | by fcvarela 1653 days ago

1 comments

  • fcvarela 1653 days ago
    FWIW i've just verified this on a DS1019+ running the latest DSM. My certificate disappeared after rebooting and the default synology one (which I had deleted) reappeared.
    [-]