waspinator's picture

Hi

 

I get the following error when accessing the Turnkey Owncloud server using https. I tried to issue a new self signed certificate using webmin (webmin -> webmin configuration -> SSL encryption -> Self Signed Certificate) but it didn't seem to do much. Is this the right place to make a new self signed certificate?

 

isWebDAVWorking: NO - Reason: [CURL] Error while making request: SSL: unable to obtain common name from peer certificate (error code: 51) (Sabre_DAV_Exception)

Thanks

Forum: 
waspinator's picture

just noticed that the new SSL certificate was written to

/etc/webmin/miniserv.pem

 

but owncloud uses

 

/etc/ssl/certs/cert.pem

 

so I just changed it to /etc/webmin/miniserv.pem and it seems to be working now

Alex's picture

You changed what exactly? It doesn't sound like you changed the location of the certificate. If you changed an owncloud setting, please specify what and where.

halil's picture

ı dont understand this problem ı saw in file manager  :12321 inside ssl file but localhost client https connect outside for internet my domain write client not connect big problem for me pls help

Jeremy Davis's picture

To be able to provide more help with this I need to understand how to reproduce this issue. Can one of you please walk me through this?

Thanks

ZanziPanzi's picture

its an easy one and its solved (credits to waspinator):

When you add a self signed certificate using webmin (to enable https for owncloud), it adds the certificate in a different location than where Owncloud expects it.   The solution is to adapt the path when you create the certificate in the webmin SSL encryption page:

webmin -> webmin configuration -> SSL encryption -> Self Signed Certificate

replace "create to /etc/webmin/miniserv.pem" with "create to /etc/ssl/certs/cert.pem"

Apart from this you just need to tick the box "enforce HTTPS" in the admin section of owncloud

 

Jeremy Davis's picture

I think that perhaps it might be worth enabling HTTPS by default in the ownCloud appliance? What do you think?

Actually I just created a feature request on the TKL Issue Tracker (see here). As I stated in my post there, I think that the SSL cert should at least be generated and available to ownCloud, even if it isn't enabled by default...

ZanziPanzi's picture

Yes, I agree.  Because the very first thing any Owncloud admin does is enable HTTPS anyway (in HTTP you get a warning in red by the way, logged in as admin).

I think it would be a good idea to generate an SSL cert (in the right spot for Owncloud as discussed in this thread), and potentially already turn on HTTPS by default in the Owncloud admin settings...

 

I think here TKL really makes the difference, the ease in deploying HTTPS Owncloud! Currently it takes a few minutes (if you know the two simple steps). If you download the open-Suse Owncloud virtual machine for example, HTTPS is also not enabled. The process to enable Owncloud HTTPS there is long and painfull (from newbee point of view), needs to be turned on in Apache and all over the place, lots of errors and troubleshooting, quickly taking hours compared to a few minutes on TKL, and zero seconds if enabled by default in the future...

Rafael Cristaldo's picture

1. Open the file $OWNCLOUD_DIR/3rdparty/Sabre/DAV/Client.php in your favorite text editor

2. Find the $curlSettings array in the request function

3. Add the following two elements to the array:

CODE: SELECT ALL

CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_SSL_VERIFYHOST => 0,



4. Save the file and exit the editor

5. Restart your web server

Stuart Prawat's picture

I have a SSL from GoDaddy that I have successfully used on my Exchange server.  I have exported it to a flat txt file.  I also have the GoDaddy intermediate cert.  Every time I import into the Webmin SSL Encryption page it breake the owncloud site.  What am I doing wrong?  I get a successful import message, and then my regular site is dead.  I can't connect from http or https.

Stuart Prawat's picture

I'm sure this isn't the official answer, but here's what worked for me.  So a quick back story, I have a UCC SSL with my real world domain name sync.mydomain.com as part of my Exchange mail.mydomian.com SSL.  I exported my SSL as a pfx file.  Then I used open SSL to extract the private key and and the cert.  I stripped out the extra text about RSA & GoDaddy and saved as a text file.

I went into my Webmin console and created a self-signed cert with my real world FQDN (so sync.mydomian.com).  Stopped and start the Apache server, all is still working, verified it's using new SSL.

Now I created a single pem file with both the private key & public cert that I had extracted from my GoDaddy cert.  I matched the format from the self-signed cert.  I named the file miniserv.pem and copied it to /etc/webmin/ (I first renamed the original in case it failed).  Then I copied the same file to /etc/ssl/certs.  I renamed my original cert.pem (once again, just in case it failed), and renamed miniserv.pem to cert.pem.

Stop and start Apache, and new real world SSL is working! :)

Stuart

Add new comment