AlexNogard: IT HowTo

Linux & Opensource : Monitoring : Centreon, Nagios, Owncloud ..

Set Up secure SSL connection for Owncloud

Because an ownCloud server may store confidential data, the first thing to do is secure the front end by setting up SSL and forcing HTTPS connections, so that your passwords do not travel in clear text over the web. It takes less than 10 minutes and prevents some data leaks.

Here is the how-to:

You have to install two packages to integrate SSL: mod_ssl and openssl:

# yum install mod_ssl openssl

Create a self-signed X.509 certificate, starting with a 2048-bit RSA key:

# openssl genrsa -out owncloud.key 2048

The second step is to generate a CSR (Certificate Signing Request) from our 2048-bit key. In this step, we fill in the information about our “organisation”:

# openssl req -new -key owncloud.key -out owncloud.csr

Then we self-sign our certificate:

# openssl x509 -req -days 365 -in owncloud.csr -signkey owncloud.key -out owncloud.crt

Move the files to the right directories:

# mv owncloud.crt /etc/pki/tls/certs
# mv owncloud.key /etc/pki/tls/private/
# mv owncloud.csr /etc/pki/tls/private/

Edit your owncloud.conf to add the SSL virtual host:

# vim /etc/httpd/conf.d/owncloud.conf

<VirtualHost *:443>
DocumentRoot /owncloud
SSLEngine On
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/pki/tls/certs/owncloud.crt
SSLCertificateKeyFile /etc/pki/tls/private/owncloud.key
</VirtualHost>

We force ownCloud to use SSL by modifying a config parameter:

# vim /owncloud/config/config.php

// Add the parameter:

'forcessl' => true,

Lastly, restart your Apache server:

# service httpd restart
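
A check worth running before that restart, as an added example that is not part of the original article: it reads the `SSLCertificateFile` and `SSLCertificateKeyFile` paths from the vhost config and confirms that they are real files, that the key is not readable by group or others, and that the certificate matches the key. The function names are hypothetical, and GNU `stat` (as shipped on CentOS) is assumed.

```shell
#!/bin/sh
# Added example (not from the article): check the TLS files a vhost config names.
# Usage: check_vhost_tls /etc/httpd/conf.d/owncloud.conf
# Function names are hypothetical; GNU stat is assumed.

# Print the path given to Apache directive $2 in config file $1.
directive_path() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

check_vhost_tls() {
    conf=$1
    rc=0
    crt=$(directive_path "$conf" SSLCertificateFile)
    key=$(directive_path "$conf" SSLCertificateKeyFile)

    # 1. Both directives must name regular files: catches a directory path
    #    or a location the files were never moved to.
    for f in "$crt" "$key"; do
        [ -f "$f" ] || { echo "FAIL: '$f' is not a regular file" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. The private key must not be readable by group or others.
    mode=$(stat -c '%a' "$key")
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400" >&2; rc=1 ;;
    esac

    # 3. The certificate must carry the public half of this private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $crt does not match $key" >&2
        rc=1
    fi

    # 4. Warn (without failing) when the certificate expires within 30 days.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        echo "WARN: $crt expires within 30 days or is unreadable" >&2
    return "$rc"
}
```

A non-zero return means Apache would either fail to start or serve a key that other local users can read.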

You have now secured access to your ownCloud front end.

If you have any questions or comments, the comments are there for that 😉

5 Responses to Set Up secure SSL connection for Owncloud

  1. Trond says:

    I can’t get it to work… When I try on the internal network, everything works fine. I just have to add the certificate to the trusted root certs, but when I try to go through my public IP I just get an error from Chrome: “ERR_SSL_PROTOCOL_ERROR”. Do you have any idea what I’m doing wrong?

    Thanks in advance :)

    Great article btw!

  2. Phillip Spellman says:

    Hey,

    You move the cert and key to /etc/pki/tls/… and then point the webserver to /etc/ssl/..

    Is this on purpose? I might be misunderstanding something here.

    Cheers,

  3. CaseyLabs says:

    Bash install script for CentOS 6 is as follows (including directory typo fixes):

    #!/bin/bash
    # Installs SSL support for OwnCloud 6

    yum install mod_ssl openssl -y
    openssl genrsa -out owncloud.key 4096
    openssl req -new -key owncloud.key -out owncloud.csr
    openssl x509 -req -days 365 -in owncloud.csr -signkey owncloud.key -out owncloud.crt
    mv owncloud.crt /etc/pki/tls/certs
    mv owncloud.key /etc/pki/tls/private/
    mv owncloud.csr /etc/pki/tls/private/

    cat <> /etc/httpd/conf.d/owncloud.conf

    DocumentRoot /owncloud
    SSLEngine On
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile /etc/pki/tls/certs
    SSLCertificateKeyFile /etc/pki/tls/private/owncloud.key

    sed -i ‘s/’\”forcessl’\” => false/’\”forcessl’\” => true/g’ /etc/owncloud/config.php

    service httpd restart

  4. CaseyLabs says:

    Typos in the last comment… here’s the complete script again:

    yum install mod_ssl openssl -y
    openssl genrsa -out owncloud.key 4096
    openssl req -new -key owncloud.key -out owncloud.csr
    openssl x509 -req -days 365 -in owncloud.csr -signkey owncloud.key -out owncloud.crt
    mv owncloud.crt /etc/pki/tls/certs
    mv owncloud.key /etc/pki/tls/private/
    mv owncloud.csr /etc/pki/tls/private/

    # This should be double … might be stripped out by webpage commenting system
    cat <<EOF >> /etc/httpd/conf.d/owncloud.conf
    <VirtualHost *:443>
    DocumentRoot /owncloud
    SSLEngine On
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile /etc/pki/tls/certs/owncloud.crt
    SSLCertificateKeyFile /etc/pki/tls/private/owncloud.key
    </VirtualHost>
    EOF

    sed -i "s/'forcessl' => false/'forcessl' => true/g" /etc/owncloud/config.php

    service httpd restart
