[SOLVED] HTTPS connection with “Warning: Potential Security Risk” or invalid certificate


In October I inquired about this topic: “HTTPS connection with” Warning: Potential Security Risk “or invalid certificate” here:

My request was to initiate connections on Windows browsers without having security warnings for lack of a signed certificate.

I was told by multiple users - which I thank - that I could use the certificates signed by Synology.

Unfortunately at the time for not having understood the instructions well and secondly for lack of time I put aside the search for the solution.

Today I return to this topic to confirm that the replacement of the Syncthing https-cert.pem and https-key.pem files was successful, consequently I no longer receive the security warnings.

I inform Windows/Synology users possibly interested in the topic and who have not solved it, that the https-cert.pem and https-key.pem files that I was advised to replace with those issued by Synology on Windows are located at the path: C:\Users\MyUser\AppData\Local\Syncthing.

On the other hand, the certificates issued by Synology have these two names: “RSA-privkey.pem” and “RSA-cert.pem” (or also “ECC-cert.pem” and “ECC-cert.pem” as Synology issues two types of certificates)

It was enough to simply rename the two files “RSA-privkey.pem” and “RSA-cert.pem” in https-key.pem and https-cert.pem, then copy them to the path: C:\Users\MyUser\AppData\Local\Syncthing.

I am no longer receiving security alerts. What I don’t know, but which no longer represents a problem, is the possible expiration of the certificates used which could give rise to a new security warning, which can be solved as already explained …


// Edit, WW: https-

I don’t quite understand what the Windows path has to do with it. Are you using the certificate from copied Synology for your Syncthing instance running in Windows? That’s an interesting approach but I think there might be easier ways to install a valid certificate under Windows (see Let’s Encrypt). I never advised such an action for sure.

However, there is a dangerous recommendation in your post. You should only overwrite the HTTPS certificate, not the Syncthing device certificate. That would lead to losing all connections to other devices because the local device ID would change.

Please correct your post above to mention:

Files https-cert.pem and https-key.pem

instead of

Files cert.pem and key.pem (WRONG!)

Other users may find this thread and end up destroying their setup if they only read the first post.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.