Owncloud on seperate certificate

UlfGrr · August 21, 2017, 12:09pm

Hello to all
I am trying to present to my team that we can use owncloud to exchange files with external partners. If this turns out to be successful, i may replace the existing proxyserver with the squid-version too.

So far everything is quite smooth and straight forward. One little thing is stopping me and i cannot solve this by myself.
Now i am here to asking for some guidence, wisdom or possible, both.

It is the certificate. I cannot present Owncloud with an selfsigned certificate to my company.

I have messed up several times and restarted my project as i tried to replace the selfsigned certificate in UCS and i am starting to believe it is impossible to do. I have to come to terms that the selfsigned certificate to the UCS can be there as it is only the tech-team that will have access to it(i will try to change tcp-port and lock it within a segregated dmz)

The certificate to the Owncloud however, needs to have an external certificate bought on Internet through globalsign.

Have anyone have any experience similar to mine and can push me in the right direction on my idea to have seperated certificate for owncloud and a selfsigned for UCS?

I am using the UCS 4.1-with-owncloud on a vmware esx-server.

regards
//Ulf

ahrnke · August 21, 2017, 1:09pm

Using more than one cert on a single host will be challenging but why do you think that you have to use the self-signed certificate for the Apache? You can simply change to a commercial cert by adjusting the UCR-variables apache2/ssl/certificate, apache2/ssl/key and apache2/ssl/certificatechain (search this site for examples) or even use Let’s Encrypt.

hth,
Dirk Ahrnke

UlfGrr · August 25, 2017, 1:11pm

First, lots of thanks for helping me staggering the right direction.
I do not see that there is a etc\apache2\ssl folder.
Does this mean that i should create one and there place the certificates?

regards
//Ulf

ahrnke · August 25, 2017, 2:24pm

I was talking about Univention Configuration Registry

UlfGrr · September 29, 2017, 3:22pm

Hello once more
I gained some mental strenght by taking vacation for 3 weeks.
You sir, are completely right. Univentions configuration Registry was the key.

My steps were;
-Convert the external cert to pem-versions.
-Created a folder called etc/ssl/local_certs/
-Copied .pem and key file to etc/ssl/local_certs/
-Adjusted the registry for certificate and key to match the new location.
-rebooted server
Also learned to unset the registry with the “univention-config-registry unset” command

//Ulf

wa4otj · April 9, 2018, 2:14am

Thank you for this discussion, it helps me along the path toward getting the owncloud appliance working. But, I’m afraid I’m a little lost at the step “adjusted the Registry …” I spent hours reading the documentation on the Univention Configuration Registry. But I’m missing something.

I have my cert, in the “local_certs” directory, but I cannot find where/how to use the univention-config-registry set to point to the new location and cert. Maybe I’m being obtuse, but a little more clarification would be most appreciated.

Nathan