ownCloud SSL self signed certs

Status
Not open for further replies.

MenacingM

Dabbler
Joined
Aug 21, 2013
Messages
19
For those of you who installed ownCloud from the FreeNAS plugin repo, you are likely experiencing problems syncing with ownCloud clients. The issue is related to a self signed cert that is installed with the PBI that is missing a commonName (FQDN) field.

I suspect that the SSL certificate installed with ownCloud will be resolved in the next release of the plugin in the FreeNAS plugin repo.

Until then, or if you simply prefer to create your own cert that matches your hostname, you can use this guide to create your own self signed certs.

The following guide assumes you have installed, configured, and are running the ownCloud plugin.

SSH into your FreeNAS and do the following:

Code:
jls
 
  JID  IP Address      Hostname                      Path
    6  -              owncloud_1                /mnt/ztank/jails/owncloud_1


Based on the JID of your Owncloud Jail, do the following:
Code:
jexec 6 /bin/tcsh
 
cd /usr/pbi/owncloud-amd64/etc/apache22/
 
openssl req -new -x509 -days 3650 -nodes -out owncloud.crt -keyout owncloud.key


Answer the questions and set the common name to your intended FQDN. You should now have an owncloud.crt and an owncloud.key file.

Code:
ee /usr/pbi/owncloud-amd64/etc/apache22/extra/httpd-ssl.conf

Now look in the file for the text below and replace server with owncloud

Code:
SSLCertificateFile "/usr/pbi/owncloud-amd64/etc/apache22/server.crt"
 
SSLCertificateKeyFile "/usr/pbi/owncloud-amd64/etc/apache22/server.key"

OPTIONAL: Set your hostname by issuing the following from within your jail:
Code:
hostname whatever.wherever.com

NOTE: If you want this change to be persistent, you must make the change in the jail's /etc/rc.conf

Restart Apache and you should be good to go.
Code:
/usr/local/etc/rc.d/apache22 restart

Let me know how it works for you guys. Feedback appreciated.



 

Rickle

Dabbler
Joined
Aug 14, 2013
Messages
38
Confirmed this to be a good fix, thank you so much... saved me a lot of grief.
 

raph

Cadet
Joined
Jan 17, 2014
Messages
8
Hi, looks good but I can't get https to work with sync. This is what I get in the admin area:
Setup Warning
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken. Please double check the installation guides.

thx in advance
 

Rickle

Dabbler
Joined
Aug 14, 2013
Messages
38
Just as a test, I would try disabling "force https" and reload the site and see if that message comes up again. If not, that means you have certificate issues when running over https. Verify that your server's hostname is the same as what is in the self-signed certificates.

Make sure to re-enable https after.

 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Hi, just a question, I'm trying to enable "force https" but I can't get it working... how did you manage to?
Thanks
 

Rickle

Dabbler
Joined
Aug 14, 2013
Messages
38
You could try updating your OwnCloud plugin. The plugin should have self signed ssl certificates installed and configured allowing you to enable "force HTTPs".

Otherwise,
Make sure your firewall(s) allow port 443
Make sure you have SSL certificates set up (the above tutorial will help you generate self-signed SSL certificates)
Make sure your web server (apache22) is configured to use the certificates.

here are some links that might help you:
http://httpd.apache.org/docs/current/ssl/ssl_howto.html
http://forum.owncloud.org/viewtopic.php?f=3&t=3161

Best of luck
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Thank you for the reply, Rickle, actually before posting the question, I already tried to solve my problem following the above tutorial (and I think I did it correctly) but unfortunately nothing changed...
Well, I guess I can just update manually the plugin, but I didn't want to lose the music player that I read is not anymore present in O.C v.6
 

Makaveli6103

Contributor
Joined
Mar 18, 2012
Messages
104
I followed the above instructions and it says "The certificate is self-signed, and untrusted" when I try to login
 

Rickle

Dabbler
Joined
Aug 14, 2013
Messages
38
That's normal. If you need to use signed SSL certs, you can look at StartSSL. They offer free certificates.

 

Makaveli6103

Contributor
Joined
Mar 18, 2012
Messages
104
I cannot connect via WebDAV. Should the above have fixed this error also?
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken
 

Rickle

Dabbler
Joined
Aug 14, 2013
Messages
38
It's hard to tell, but when I had that error message I could connect to WebDAV. It was just a warning since my SSL certs didn't match the server hostname.

You can go through your system logs (/var/log/messages) and the ownCloud logs, usually accessible in the admin page. There might be hints in there.

Are you getting errors on the client side?

I have also seen issues with Windows clients not connecting due to self-signed SSL certs; they were deemed unsecure. Maybe try another client as a test.



 

Makaveli6103

Contributor
Joined
Mar 18, 2012
Messages
104
Yes I am getting these errors. I was trying to connect via iAnnotate on my iPad to start syncing my notes.

isWebDAVWorking: NO - Reason: [CURL] Error while making request: SSL: certificate subject name 'mydomainnamehere' does not match target host name '192.168.1.7' (error code: 51) (Sabre_DAV_Exception)
isWebDAVWorking: NO - Reason: [CURL] Error while making request: SSL: certificate subject name 'ownCloud' does not match target host name '192.168.1.7' (error code: 51) (Sabre_DAV_Exception)
 

Rickle

Dabbler
Joined
Aug 14, 2013
Messages
38
Looks like the errors are due to the server name not matching your ssl cert name. This tutorial should help fix that issue.

You will have to use the hostname to connect instead of the ip address though.

From my experience, webdav worked fine. It just gave that error in the admin page.
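
The certificate step from the guide and the name mismatch behind the curl error 51 messages above, reproduced as an added example (not code from the thread). The FQDN `cloud.example.test` is constructed, `-subj` and `-newkey rsa:2048` are added so the guide's command runs without prompts, and the subjectAltName variant goes beyond the thread and needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: names are constructed; keys are throwaway files in a temp dir.
FQDN="cloud.example.test"   # constructed; stands in for your real FQDN
IP="192.168.1.7"            # address the failing client in the thread used

# make_cert DIR CN [SAN]: non-interactive form of the guide's "openssl req".
# The optional SAN argument needs OpenSSL 1.1.1 or newer (-addext).
make_cert() {
    if [ -n "$3" ]; then
        openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
            -subj "/CN=$2" -addext "subjectAltName=$3" \
            -out "$1/owncloud.crt" -keyout "$1/owncloud.key" 2>/dev/null
    else
        openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
            -subj "/CN=$2" \
            -out "$1/owncloud.crt" -keyout "$1/owncloud.key" 2>/dev/null
    fi
}

# name_check CRT host|ip NAME: prints "match" or "MISMATCH" for NAME,
# using OpenSSL's own hostname / IP address matching.
name_check() {
    if openssl x509 -in "$1" -noout "-check$2" "$3" | grep -q 'does match'
    then echo match; else echo MISMATCH; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" "$FQDN" || return 1          # CN only, as in the guide
    echo "CN only,  https://$FQDN : $(name_check "$dir/owncloud.crt" host "$FQDN")"
    echo "CN only,  https://$IP : $(name_check "$dir/owncloud.crt" ip "$IP")"
    make_cert "$dir" "$FQDN" "DNS:$FQDN,IP:$IP" || return 1
    echo "with SAN, https://$IP : $(name_check "$dir/owncloud.crt" ip "$IP")"
    rm -rf "$dir"
}
demo
```

A certificate that carries only a common name never matches an IP address, which is why connecting to `192.168.1.7` fails even after the CN is set correctly.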

 

Makaveli6103

Contributor
Joined
Mar 18, 2012
Messages
104
Yea I did use my hostname and not my ip address.
 

mister-man

Cadet
Joined
Apr 25, 2014
Messages
4
Hi,

I tried to rename the hostname in the rc.conf, after that my jail shows a startup error:

Code:
warden_exception('arp: 192.168.1.1:\n jexec 9 arp -s 192.168.1.3 <my mac>\n fi\n #\n # No defaultrouter configured for IPv4, so if bridge IP address was\n # configured, we set the default router to that IP.\n #\n elif [ -n ] ; then\n local ether=<my mac>\n get_ip_and_netmask \n if [ != YES ] ; then\n jexec 9 route add -inet default 192.168.1.3\n else\n jexec 9 route add default gateway 192.168.1.3\n fi\n if [ -n <my mac> 4 ] ; then\n get_ip_and_netmask :: Unknown server error\nroute: writing to routing socket: File exists\njexec: jail "/usr/pbi/owncloud-amd64/control" not found\n',)


After that my ownCloud doesn't work until I rename the hostname back to "owncloud_1".
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Right.. you can't rename the jails after you've created them without significant alterations.
 

mister-man

Cadet
Joined
Apr 25, 2014
Messages
4
Okay, but if I create a jail, FreeNAS doesn't ask for a name.
Is there a way to change the DNS hostname to another?
 

Cufre

Cadet
Joined
Aug 24, 2014
Messages
1

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
Very useful guide - thanks!

I've been meaning to switch to https access for a while, but it was one of those 'if it isn't broken' things and I use it daily so didn't want to!
 