A self signed certificate is not less good than a bought one, if it is unique and verified. I would assume the uniqueness is properly solved by Synology as it’s a mass product and this would be a 10/10 CVSS Vulnerability and by importing it into the keystore manually, you are verifying it.
Was this one every solved on DSM 7.x?
I exported the CA file from my NAS and imported the pem file into the default keystore, which is linked to /etc/ssl/certs//java/cacerst
But I still received an error message if I want to download the calendar into teh icalended add-on.
Download of calendar failed with ExecutionException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
is this the same keystore that is used for openhab which in an apt based installation is located at /var/lib/openhab/etc/keystore ?
Ok, another location to find a keystore. Will try to use that one and see what happens.
Thanks for the hint!