GateOne not opening anymore on Synology as being "unsafe" due to an expired certificate.

There are many many reasons why sometimes GateOne does not open correctly on Synology. One of those is the expiration of your certificate.

Click to Read More

Notice that I am using my own packaging of GateOne for Synology (to be found here). In order to run properly, GateOne needs a copy of the certificates of your Synology. My Package is taking care of that during the installation. But if the system certificate expired or is renewed, GateOne will be in trouble as long as you don't copy yourself the renewed certificate into its setup folder. The symptoms are:

If you open GateOne in a DSM window, you get this: "The webpage at xxx might be temporarily down"

If you open GateOne in a new window, you get this: "Your Connection is not private", ERR_CERT_DATE_INVALID

If you click on Advanced, you see that "this server could not prove it is xxx : its security certificate expired xxx days ago":

If you click on "Proceed to xxx (unsafe)", GateOne will open in a new window. But if opened in the DSM, it will display the following messages:

To solve this, if you didn't renew your certificates yet, do it ! Go to the "Control Panel" > "Security" > "Certificate". Select your certificates one by one and open the "Add" menu + select "Renew certificate"

An alternative is to open a SSH console (See here) and execute the command: /usr/syno/sbin/syno-letsencrypt renew-all -vv

Once the certificates are renewed, in a SSH console, execute:

  • cp /usr/syno/etc/certificate/system/default/cert.pem /var/packages/MODS_GateOne/target/ssl/cert.pem
  • cp /usr/syno/etc/certificate/system/default/privkey.pem /var/packages/MODS_GateOne/target/ssl/privkey.pem
  • /usr/syno/bin/synopkg restart MODS_GateOne

Notice: the path "/var/packages/MODS_GateOne/target" is only valid for GateOne installed with my own package. The path of the official package is probably "/usr/local/gateone/ssl/".

Leave a Reply

Your email address will not be published. Required fields are marked *