using OwnCloud Zimlet with an OC Server with self-signed certificate

Interested in talking about Mash-up's? This is the place.
Post Reply
v1rtu4l
Posts: 36
Joined: Tue Jun 28, 2016 3:04 pm

using OwnCloud Zimlet with an OC Server with self-signed certificate

Post by v1rtu4l »

after successfully following the prerequisite and installation guide here https://github.com/Zimbra-Community/owncloud-zimlet i am able to set the credentials of the user in the web client and choose the default folder (this means it actually is able to read what folders are hosted on that owncloud server for that user).

if i try to open the own cloud tab on the web client though we get an error like "server rejected the connection" (in german: "Server hat die Verbindung getrennt") if we connect from outside (the internet).

if we connect from the same LAN we get the message:

Code: Select all

"Content was blocked because it was not signed by a valid security certificate. 
For more information, see “About Certificate Errors” in Internet Explorer Help." 
it is true that both the zimbra server itself (it's a standalone all in one server with all services apart from DNS installed) and the owncloud server do not possess a commercial/valid certificate. both certificates are self-signed.

so i tried to somehow make the zimbra server trust the certificate of the owncloud server. i did download the public part of the certificate with the internet explorer once as DER and once binary-encoded and tried to put them into /usr/share/ca-certificates, /usr/local/share/ca-certificates/ and even /etc/ssl/certificates and run "update-ca-certificates" but that did not do anything. it did even say that there was 0 certificates added. the certificates themselves have a ".cer" extension but i already tried it with the .cert extension as well.

the part i am probably missing is making the self-signed certificate of the owncloud server trusted on zimbra. can anybody help me with the correct place to put the certificates and the command to update it ?


P.S.: i already put the IP address and the FQDN of the zimbra server into the trusted domains array in the config.php of owncloud and restarted that server
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: using OwnCloud Zimlet with an OC Server with self-signed certificate

Post by DualBoot »

with self-signed certificate, you need to export owncloud server self-signed certificate and import it into each zimbra keystore.
The Guy - DualBoot

PostMaster - WikiMaster - SysAdmin
"Free Your Mind. Think Open Source"
april.org
Zetalliance Member - zetalliance.org
leoyip
Posts: 5
Joined: Fri Sep 02, 2016 6:03 am

Re: using OwnCloud Zimlet with an OC Server with self-signed certificate

Post by leoyip »

I install the zimbra with enable only ldap service on the owncloud server such that I can reuse the self-signed certificate from zimbra.
[zimbra@cloud ~]$ zmcontrol status
Host cloud.example.com
ldap Running
stats Running
zmconfigd Running


And then create or replace /etc/httpd/conf.d/owncloud-ssl.conf with the following contents:

## LoadModule ssl_module modules/mod_ssl.so
## Listen 443
<VirtualHost *:443>
ServerName cloud.example.com
SetEnv HTTPS on
# SecFilterEngine Off
SSLEngine on
# SSLProxyEngine ON
# SSLCertificateFile /etc/pki/tls/certs/cloud.crt
# SSLCertificateKeyFile /etc/pki/tls/certs/cloud.key
SSLCertificateFile /opt/zimbra/ssl/zimbra/server/server.crt
SSLCertificateKeyFile /opt/zimbra/ssl/zimbra/server/server.key
DocumentRoot /var/www/html/

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
</VirtualHost>

It works perfect.
And the owncloud can access the ldap service from localhost.
Post Reply