After setting up Plex on my Synology NAS, I was confused that it seemed to be very difficult to install an SSL Certificate. After much time and research I found a relatively simple way to install your Synology NAS’S SSL certificate on Plex.
- First you will need to go to Control Panel on your Synology NAS
- Go to Security and select Certificate from the top tab
- Select the small arrow next to add and select export certificate
- You will then receive a zip file.
- Next go to https://indy.fulgan.com/SSL/ and get the openssl executable, this will download a zip file
- Now unzip the zip files from step 4 and 5 into one folder
- Right click on openssl.exe and select run as administrator
- Run the command pkcs12 -export -out lakeside.jarrods.example.pfx -in cert.pem -inkey privkey.pem -certfile chain.pem -name “lakeside.jarrods.example” (Replace both lakeside.jarrods.example with your domain name)
- Enter a password for the certificate
- Now a file will be exported, the name will be ****.pfx (The name you specified above)
- Upload this file to the Plex folder on you Synology NAS
- Log into Plex and go to Settings -> Network -> Advanced settings
- Enter the Path to your file in the “custom certificate” option. Then enter your password into the “custom certificate encryption key” option.
- Enter your domain name in the “custom certificate domain”
- Select save
- In Package Manager, go to Plex and restart it
A big thank you to this post on Imgur https://imgur.com/a/9UKLh
Hi there,
Great post, just want to add a small info for anyone who find this post over the internet
“Custom certificate encryption key” is what you entered at step 9 (Enter Export Password).
Hi – small change to procedure – DSM 7 for some reason has changed the cert export format – you get 6 files now, not 3, and they are prefixed with RSA- and ECC-. I was able to do it by changing the openssl command to:
pkcs12 -export -out host.domain.com.pfx -in RSA-cert.pem -inkey RSA-privkey.pem -certfile RSA-chain.pem -name “host.domain.com”
Awesome, thanks for the update Andrew! 🙂
I’ve just gone through this whole process and have found some additional command arguments are required to get this to work now.
I had to add the following to the end of the openssl command:
-certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256
After this, it all works beautifully.
Thanks for this!
For point 5, how would one proceed if using a Mac? Is it as easy as “brew install openssl” in the Terminal?
Hey Stabilo,
Yes that would likely work. I’m sorry but I don’t have a mac to test with.
Hey !
Thanks, how did you manage renew the *.pfx ?
Hey Antoine,
When it came time to update the certificate, I purchased a new one from ssls.com. I just repeated the whole process again to get a new cert for plex.
Hum ok, as i’m working with Let’s Encrypt, renewed by Docker container, i’ve modified and git the script i use, if you want 🙂
https://github.com/AntoineCardon/Renew-SSLForPlex-Synology/
Thanks Antoine! I’m sure it will help someone out.
Just wanted to say that person was me – really helped me out. I needed to make a few changes to the script to use RSA-cert.pem etc. rather than cert.pem but once that was fixed it worked perfectly.
Fantastically helpful, thanks!
Thank you for this article!
Thanks for this article, I’ve used it twice – since my old cert expired recently.
I noticed the word Plex in the path (/volume1/Plex/certificate.pfx) is case sensitive. With a lower case p, it doesn’t work.
Hi there,
I used this method successfully for 2 years, but now it doesn’t work, does anyone know what has changed? Thank you
I was able to use this method for years. But, I recently upgraded to a wildcard SSL cert and Plex doesn’t like it. I’ve tried several different methods but no dice. Anyone figure it out? Thanks.
If anyone is having issues recently, the reason is due to encryption. See this article from the Plex forum:
https://forums.plex.tv/t/ssl-became-broken-after-latest-pms-update/837416
Basically you need to add a couple of variables to the command to get everything to work:
pkcs12 -export -out yourdomain.com.pfx -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 -inkey privkey.pem -in cert.pem -certfile chain.pem -name “yourdomain.com”
Anyway, that fixed it for me.