Posted on by Dewey Bravo

Owncloud Part 2

After some research it became pretty clear that getting SSL to work with a private key would be simple.  You must make sure that openssl is installed, and yum installing it should do everything required to get that working.
# Generate private key
openssl genrsa -out ca.key 1024

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
Then you have to tell Apache to use the new keys by editting the ssl.conf file.
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Add in lines:
SSLCertificateFile /etc/pki/tls/certs/ca.cr
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Once the correct SSL Certificates were installed, and the Apache service was restarted, the SSL kicked in.  Using a browser to access OwnCloud over https just started working.  All you have to do is accept the untrusted certificate when accessing the page. Once you tell your client to accept using that key, all functionality of the site will now operate the same, but will now use https, including downloading files through encrypted means.

The trouble, however, is that it is a private key, and therefore is automatically not trusted.  In order for any windows OwnCloud client to work, it has to be a trusted certificate.

The easiest way to trust a certificate in windows is to open Internet Explorer to the https url and click on the “Continue to webpage” option.  Once it’s using that certificate, it will say something along the lines of “Certificate Error” in the URL line.  Click on that, and it should allow you to “View Certificates” from which you can install the certificate and place it into a specific “store” called something along the lines of “Trusted Root Certificate Authorities” which will basically allow any kind of SSL communication using that certificate.
Once that’s installed on the windows client as a trusted certificate, the windows OwnCloud client was able to sync with the https URL.

Leave a Reply

Your email address will not be published. Required fields are marked *

301 Moved Permanently

Moved Permanently

The document has moved here.