Hardening Syncrify

I am a great fan of the program Syncrify . It is a cheap, fast, reliable program with versioning. It uses the Linux rsync program to do backups and only copies the changed blocks

The program uses http or https protocols to communicate.

To use the https protocol, you need to enable it in the server configuration. The details are here. Https is a protocol that verifies the identity of the server that you are contacting. To make this work, you need to do a few things

  • You need to access the server by name eg https://mysecureserver.cybersecurity.sarossy.com and not by number https://192.168.5.4 You can add this address to your hosts file, DNS server or the domain host
  • You need to have a domain that you control to do this. You can use a domain host like namecheap.com to buy one for as little as $1.43 per year https://www.namecheap.com/domains/domain-name-search/
  • You need to purchase a certificate for your syncrify server – again these are cheap eg positivessl certificate for $5.88 per year. In this example we buy the certificate for mysecureserver.cybersecurity.sarossy.com
  • The certificate and key that you get from the certificate issuer needs to be converted into the pfx format. You can download and install OpenSSL or just convert it online here – remember the passphrase
  • You need to upload your pfx file to the syncrify server by opening http://192.168.5.4:5800/app?operation=impcert in this case my server is at that ip address
  • The final step is to upload the certificate file and the intermediate certificates to the CACERTS file within the syncrify CLIENT directory. it is found under C:\Program Files\SyncrifyBackupClient\jre\lib\security . You can use keytool.exe but a better option is the program keystore explorer . You also need to install the intermediate CA certificates which should be included in your purchase of the certificate. For PositiveSSL, these 2 certificates can be extracted from the CAbundle file. You can decode the contents with this website

Once that is all done, you can change the address on the syncrify client to the new name and all communications are encrypted