Adding an SSL/TLS Certificate to All of the Things

I don’t like seeing browser warnings when visiting my home devices that have self-signed SSL certificates. I also like the option of browsing to hostnames instead of IP addresses. So, I’ve purchased a domain name and a wildcard SSL certificate, and set up an internal DNS server to resolve domain names to internal IP addresses. As a result, when I want to go to my Synology NAS’s web interface, I can visit ‘https://nas.bourneid.com’ instead of ‘https://192.168.19.5:5001’. I’ve also set up a reverse proxy on the NAS (which is also my internal DNS server) to map domain names to specific ports, so I don’t need to specify 5001 (the Synology NAS web interface HTTPS port).

Using a wildcard certificate allows me to purchase one certificate and apply it to many (unlimited) different devices, each with its own fully qualified domain name within my network.

I have set this up for my Synology NAS, various Docker containers (running on the NAS), a Unifi Cloud Key, my DVRs (IP cameras), a printer, and some Pi-holes. Getting this working on each device is different, so I’ve made several pages detailing exactly how to get all of this set up (more guides coming soon):

  1. Purchasing a domain name
  2. Purchasing a Wildcard SSL Certificate
  3. Set up Synology NAS DNS Server
  4. Set up Synology NAS Reverse Proxy
  5. Installing a Wildcard SSL Certificate on a Synology NAS
  6. Installing a Wildcard SSL/TLS Certificate on a Splunk Web (Running in a Docker Container)
  7. Installing a Wildcard SSL Certificate on a Unifi Cloud Key
  8. Installing a Wildcard SSL Certificate on a Unifi NVR
  9. Installing a Wildcard SSL Certificate on Pihole
  10. Installing a Wildcard SSL Certificate on a Canon Printer