How to configure self signed SSL certificate in owncloud Ubuntu
Before directly jumping into this tutorial you must have running owncloud server in your system.
I have written it in my previous post,you can learn how to from this link https://sharadchhetri.com/2013/05/15/installing-owncloud-in-ubuntu-13-04/
In this tutorial we will learn how to configure self signed ssl certificate in owncloud.
The method is applied to apache2 no matter it is Debian or Ubuntu.If still you have any doubt leave the comment.
To configure the Self Signed Certificate follow the given below steps.
Step(1) Install openssl in server as we have already running owncloud hence installing of apache2 is not required.
$ sudo apt-get install openssl
Step(2) Enable the ssl and rewrite module in apache2
$sudo su - #a2enmod ssl #a2enmod rewrite
Step(3): Create a ssl directory inside /etc/apache2
# mkdir -p /etc/apache2/ssl
Step(4): Create self signed ssl certificate. And fill information which it will ask.
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/owncloud.pem -keyout /etc/apache2/ssl/owncloud.key
Now we will configure the owncloud.conf file.
Step (5): Edit the owncloud.conf file
In owncloud.conf file I redirect port 80 request to port 443.
Configured the SSL engine and its key path. And the DocumentRoot parameter is also used.
Note: In the below given configuration I am using IP based Virtual Hosting in apache. If you have DNS configured you can set it as name based configuration also.
Replace 192.168.1.34 with you server IP address
vi /etc/apache2/conf.d/owncloud.confRewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] SSLEngine on SSLCertificateFile /etc/apache2/ssl/owncloud.pem SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key DocumentRoot /var/www/owncloud/ AllowOverride All order allow,deny Allow from all
Step (6) Restart the apache2.
service apache2 restart
Step(7) Open the webbrowser and type the url of owncloud you will see it by defualt goes to https.
If you want both http and https then remove the redirection at para of “VirtualHost *:80 …. </VirtualHost> “
I searched my entire linux directory and I cannot find the owncloud.conf file. I found a configuration php file, but I do not think that is the correct file to modify. Is there something I’m missing?
So I got my cert and key up and running but since it’s a self signed key google and IE keep saying the site is untrusted. I’ve tried exporting the cert and putting it in the trusted store but that doesn’t seem to be working. I have the server set up so people from the outside can talk to it. But just by ip.
Hi Wafflez,
If it is public access, I will highly recommend to use domain name for this. Create Certs by referring domain or sub domain name.
Regards
Sharad
Thank you so much for responding Sharad. I apologize that I neglected to check the box to notify me of new comments. I will share what I learned for the benefit of others.
I have no proxy setup in Apache. I did not enable the forced SSL in Apache so that I am able to browse via the internal IP on my local lan. I am able to log into Owncloud without SSL as well.
The log shows that the PHP session files were being written with no permissions so that they can not be accessed. The answer is that processes can have their own permission modes in linux, and Apache2 and PHP both do this. The permissions mode operates separately from owner and group and is set with the octal representation.
The TL;DR answer here is good: https://stackoverflow.com/questions/14724422/php-session-files-permission/27079746#27079746
The instructions for session.save_path in the ini file help, and so does the handbook section: http://php.net/manual/en/session.configuration.php#ini.session.save-path
Once I found php.ini, I also found that the php.ini session_path was incorrect. On my Ubuntu 14.04 server, php.ini is located in /etc/php/apache2, and the default session path was commented out.
My own php.ini entry:
session.save_path = “0;774;/var/lib/php5/session”
I can now brwose to an https address an dlog in from the web.
Mark
Thank You Mark,
Highly appreciate for writing the very clear explanation. Your comment surely help many people.
Let me know if I can help you with in any other technical issue.
With Respect
Sharad