Here is another info.dump with directions on how to set up SSL on your ownCloud server. This will greatly improve the security of your server by not allowing an attacker to intercept your password in plain text over the internet. If you are going to be using ownCloud outside of a private LAN, this is a must!
NOTE: Most of these directions were found here on the ‘Ubuntu Server Guide’ site…
Server is assumed to be running Linux (Ubuntu 12.04).
Change to ‘root’:
AllowOverride None to
You should edit the section of the file to look like this:
You will need to enable the Apache modules mod_rewrite, mod_headers and mod_ssl. To enable these modules, use the following command:
a2enmod rewrite && a2enmod headers && a2enmod ssl
Restart apache2 daemon:
service apache2 restart
Edit the configuration file
Change the following lines in the file to these values:
dir = /root/SSLCertAuth
default_days = 3650
default_bits = 2048
countryName_default = US
0.organizationName_default = "Organization Name"
Create a directory to hold the SSL Certificate Authority, in this case make the directory name
chmod 700 /root/SSLCertAuth
mkdir certs private newcerts
echo 1000 > serial
To generate the Certificate Authority (CA) run the following:
Note: Be sure to enter your PEM passphrase and record it in a secure location. Also, make sure that you fill in the correct information for your cert. The common name will be your site's external address.
openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout private/cakey.pem -out cacert.pem \
Create a Certificate Signing Request:
openssl req -new -nodes \
-out apache-req.pem \
-keyout private/apache-key.pem \
Generate the certificate:
openssl ca \
-config /etc/ssl/openssl.cnf \
-out apache-cert.pem \
Copy the files to directory /etc/ssl:
cp /root/SSLCertAuth/apache-cert.pem /etc/ssl/crt
cp /root/SSLCertAuth/private/apache-key.pem /etc/ssl/key
Configure the HTTPS apache2 web server: create the SSL log and create a new file /etc/apache2/conf.d/owncloud5-ssl.conf to add the SSL virtualhost:
Edit the file with the following info:
ServerName "Server IP"
CustomLog /var/www/logs/ssl-access_log combined
Restart the apache2 server:
service apache2 restart
That is it! Now go to your ownCloud page with https:// and you should have a secure connection!
- You will need to make sure that you have your NAT forwarding port 443 to your server to allow the secure traffic to reach it.
- If this does not work (e.g. you don't get a webpage), you may need to make sure that you have the correct info entered in the DocumentRoot /var/www/owncloud. I have seen this location possibly be different if you did not install using the ownCloud repo (see my other post on installing ownCloud for the right way to do it: http://atari911.com/2013/07/29/install-owncloud-info-dump/).
- You will see a red X over the https://. This is because we are using a “self signed certificate” and it was not verified with a trusted authority. All this means is that the world wide web does not trust you because you are not a big, money hungry corporation. This message can be safely ignored because if you can't trust yourself, who can you trust?
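
Before pointing Apache at the new files, you can confirm that apache-cert.pem chains to cacert.pem, that it matches apache-key.pem, and note its fingerprint to compare with what the browser shows on first connect. The script below is an added example, not part of the original post: it builds a throwaway CA in a directory you pass in, signs with "openssl x509 -req" instead of "openssl ca", leaves the demo keys unencrypted, and uses constructed names (demo.cnf, cloud.example.test, the function names).

```sh
#!/bin/sh
# Added example: pre-deployment check for a privately signed Apache certificate.
# Subjects and host names are constructed sample values; keys are unencrypted
# for the demo only (the post protects the CA key with a PEM passphrase).

# Build a throwaway CA and server certificate in $1 (file names follow the post).
make_demo_pki() {
    d=$1
    mkdir -p "$d/private" && chmod 700 "$d/private" || return 1
    # Minimal config so the demo does not depend on the system openssl.cnf.
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 3650 \
        -config "$d/demo.cnf" -extensions v3_ca -subj "/C=US/CN=Demo Private CA" \
        -keyout "$d/private/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    openssl req -new -nodes -newkey rsa:2048 -config "$d/demo.cnf" \
        -subj "/C=US/CN=cloud.example.test" \
        -keyout "$d/private/apache-key.pem" -out "$d/apache-req.pem" 2>/dev/null || return 1
    # Signed with "x509 -req" to avoid the CA database files "openssl ca" needs.
    openssl x509 -req -in "$d/apache-req.pem" -days 3650 -sha256 \
        -CA "$d/cacert.pem" -CAkey "$d/private/cakey.pem" -set_serial 0x1000 \
        -out "$d/apache-cert.pem" 2>/dev/null
}

# check_server_cert CA CERT KEY -> 0 ok, 1 chain failure, 2 key mismatch
check_server_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    # Compare the public key inside the certificate with the one in the key file.
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256) || return 2
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null | openssl sha256) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    return 0
}

# SHA-256 fingerprint to compare with what the browser shows on first connect.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

With the files from this guide, the call would be check_server_cert /root/SSLCertAuth/cacert.pem /etc/ssl/crt/apache-cert.pem /etc/ssl/key/apache-key.pem, assuming /etc/ssl/crt and /etc/ssl/key are directories.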