Synology replacing user certificates with their own revoked one

9 points by fcvarela ↗ HN
Looks like Synology devices are replacing valid certificates installed by users with their own revoked 'synology.com' one after each reboot.

If you have HSTS enabled, the only way to access the NAS is to disable checks which puts you at risk of MITM attacks.

2 comments

[ 3.2 ms ] story [ 16.6 ms ] thread
FWIW i've just verified this on a DS1019+ running the latest DSM. My certificate disappeared after rebooting and the default synology one (which I had deleted) reappeared.