I don’t like seeing browser warnings when visiting my home devices that have self-signed SSL certificates. I also like the option of browsing to hostnames instead of IP addresses. So, I’ve purchased a domain name and a wildcard SSL certificate, and set up an internal DNS server to resolve domain names to internal IP addresses. As a result, when I want to go to my Synology NAS’s web interface, I can visit ‘https://nas.bourneid.com’ instead of ‘https://192.168.19.5:5001’. I’ve also set up a reverse proxy on the NAS (which is also my internal DNS server) to map domain names to specific ports, so I don’t need to specify port 5001 (the Synology NAS web interface HTTPS port) either.
Using a Wildcard certificate allows me to purchase one certificate and apply it to many (unlimited) different devices, each with their own fully qualified domain name within my network.
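To plan which internal hostnames one wildcard certificate will actually cover, the following added example (not part of the original guides) applies the left-most-label matching rule that TLS clients use for wildcard names. Apart from `nas.bourneid.com` and `192.168.19.5`, the hostnames are constructed for illustration, and `coverage` is a hypothetical helper name.

```python
import ipaddress

def is_ip(host: str) -> bool:
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def coverage(pattern: str, host: str) -> str:
    """Say whether a certificate name such as '*.bourneid.com' covers host."""
    if is_ip(host):
        # A wildcard DNS name never matches an address typed into the browser.
        return "not covered: IP address, not a DNS name"
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p[0] != "*":
        return "covered" if p == h else "not covered: different name"
    parent = p[1:]
    if h == parent:
        return "not covered: bare domain has no label for '*'"
    if h[-len(parent):] != parent:
        return "not covered: different domain"
    if len(h) != len(p):
        # '*' stands for exactly one label, so deeper names fall outside it.
        return "not covered: '*' matches a single label only"
    return "covered"

if __name__ == "__main__":
    # Constructed list of internal names to check before creating DNS records.
    planned = [
        "nas.bourneid.com",
        "pihole.bourneid.com",
        "splunk.docker.bourneid.com",
        "bourneid.com",
        "192.168.19.5",
    ]
    for name in planned:
        print(f"{name:30} {coverage('*.bourneid.com', name)}")
```

Names that come back as not covered need either a different internal hostname (one label under the domain) or a certificate that lists them explicitly.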
I have set this up for my Synology NAS, various Docker containers (running on the NAS), a Unifi Cloud Key, my DVRs (IP cameras), a printer, and some Pi-holes. Getting this working is different on each device, so I’ve made several pages detailing exactly how to get all of this set up (more guides coming soon):
- Purchasing a domain name
- Purchasing a Wildcard SSL Certificate
- Set up Synology NAS DNS Server
- Set up Synology NAS Reverse Proxy
- Installing a Wildcard SSL Certificate on a Synology NAS
- Installing a Wildcard SSL/TLS Certificate on Splunk Web (Running in a Docker Container)
- Installing a Wildcard SSL Certificate on a Unifi Cloud Key
- Installing a Wildcard SSL Certificate on a Unifi NVR
- Installing a Wildcard SSL Certificate on Pihole
- Installing a Wildcard SSL Certificate on a Canon Printer