This needs to be done on a regular interval to avoid potential security risks. 

-Remote in to LCSOMGMT02


-Open Certify the Web, located on the Desktop




-Select "synology1.lcso.org" on the left side of the application window



-Click "Request Certificate" on the right side




-The relevant files will be saved to "C:\Tools\cert output" on LCSOMGMT02. You do not need to copy them; network paths will work.



--------------------Checkpoint :D You'll need to repeat the next few steps on each Synology------------------------


-Log in to the first Synology (Windows credentials)


-Open Control Panel -> Security -> Certificate




-Click Add -> Replace an existing certificate -> Select the existing certificate (synology*.lcso.org) -> Import certificate


-Browse to the files that you copied from MGMT02 in this order: .key | .crt | .pem


-**The .pem file you want to use is named intcert.pem**




-Repeat for the remaining Synologies


-Congratulations, you are breath-taking. 


________________________________________________________________________________

The following section is for when you need to set up the certificate retrieval process. It is not needed if you are just requesting a certificate.

In case of emergency, scroll down.

Log in to LCSOMGMT02 and open Certify the Web


Click New Certificate in the top left



Enter the domain name of the device you are creating the certificate for | Ex: synology1.lcso.org

***More than one domain name can be added per certificate. The Synology cert contains the domain names for Synologies 1, 2, 3, and 4.***



Select the Advanced tab, under the Discard Changes button

Select Signing & Security

Scroll down to the Security section and click New

Enter "synology" as the display name

Search in Keeper for "Synology Certificate Password" and enter it in the Password box

Save


Move to the Authorization tab

Challenge type: dns-01

DNS Update Method: Google Cloud DNS API (using Posh-ACME)

Key File Path: <Path to quantum gearbox JSON file> | On MGMT02 this path is "C:\Tools\quantum-gearbox-316317-9984fc083747.json" | REMOVE THE QUOTES




Move to Deployment tab

Change dropdown to No Deployment if the certificate is not being deployed to the machine that you are creating the certificate on.



Move to Tasks tab

Under Deployment Tasks select Add

Select "Deploy to Generic Server (multi-purpose)"




Switch to Task Parameters tab

Set the Output file paths as follows:


C:\Tools\cert output\syn.crt

C:\Tools\cert output\syn.key

C:\Tools\cert output\syn.pem



Request Certificate. Hopefully you did everything correctly.
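
To confirm that the request actually produced a fresh certificate covering every Synology before you import it, a check like the following can be run on LCSOMGMT02. This is an added example, not part of the original procedure or of Certify the Web. The host names synology2 through synology4, the 24 hour freshness window, and the 30 day expiry margin are assumptions; adjust them to match your environment.

```powershell
# Added example: sanity-check the exported certificate before importing it on a Synology.
# The path comes from the Task Parameters step above; everything marked "assumed" is
# an assumption, not a value from the procedure.
$CertPath      = 'C:\Tools\cert output\syn.crt'
$ExpectedNames = 'synology1.lcso.org', 'synology2.lcso.org',
                 'synology3.lcso.org', 'synology4.lcso.org'   # 2-4 are assumed names
$MaxFileAgeHrs = 24   # assumed: the file should have been rewritten by today's request
$MinDaysLeft   = 30   # assumed: minimum remaining validity

function Test-SynologyCert {
    param([string]$Path, [string[]]$Names, [int]$MaxAgeHours, [int]$MinDays)

    $problems = @()
    if (-not (Test-Path -LiteralPath $Path)) { return @("Missing file: $Path") }

    # A stale file means the request or the deployment task did not run.
    $age = (Get-Date) - (Get-Item -LiteralPath $Path).LastWriteTime
    if ($age.TotalHours -gt $MaxAgeHours) {
        $problems += "File is $([int]$age.TotalHours) hours old; was the request successful?"
    }

    # Loads the first certificate in the file (the leaf, when the file holds a chain).
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $daysLeft = ($cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt $MinDays) {
        $problems += "Expires $($cert.NotAfter) ($([int]$daysLeft) days left)"
    }

    # Subject Alternative Name extension (OID 2.5.29.17). The "DNS Name=" label is
    # what English-language Windows prints; other locales use a different label.
    $san      = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText  = if ($san) { $san.Format($false) } else { '' }
    $sanNames = [regex]::Matches($sanText, 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value }
    foreach ($n in $Names) {
        if ($sanNames -notcontains $n) { $problems += "SAN missing: $n" }
    }
    return $problems
}

$issues = @(Test-SynologyCert -Path $CertPath -Names $ExpectedNames `
            -MaxAgeHours $MaxFileAgeHrs -MinDays $MinDaysLeft)
if ($issues.Count -eq 0) {
    Write-Host 'Certificate is fresh, valid, and covers all expected names.'
} else {
    $issues | ForEach-Object { Write-Warning $_ }
}
```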