Self-signed certificates are the most
simple and the free way to have a HTTPS-enabled server. However, when
a user enters the page, depending on the browser, gets a warning. On
Firefox the following page is shown:
On Chrome/Chromium, the https prefix is
shown red and padlock is not green:
The warnings here show that the
certificate is signed by an untrusted issuer. The risk of a
self-signed certificate is that they can never be verified
extensively. If you handed the public key to users, they can
ignore the warning. If not, there might be the case that the server
is under attack and the key was modified by an attacker. See this
question for detailed explanation. To continue, on Firefox, you
need to add an exception to the certificate by clicking on I
understand the risks and Add exception:
Later, you will be shown an Exception
dialog where you can confirm this security exception. In the next
visits, you will NOT be
asked for this certificate again unless the certificate changes.
On
Chrome/Chromium, you need to click on Advanced
link displayed in the page and choose Continue
with ... (unsecured).
Similarly, if you
need to mount an SSL-enabled ownCloud instance, you need to tell your
ownCloud instance that you trust that server. For this, the users
need to import the Root Certificates for this server in their
Personal settings page.
So, how do we get the certificate of
the server?
On
Firefox, click on View
in the windows shown above, and choose Details.
You will be shown a window similar to below:
Click on Export and save the
certificate. If you already confirmed the exception, you may
not see this window again. In this case, to see the same window,
click on the padlock left of the address bar and click on More
information. In Security tab, choose View Certificate.
On Chrome/Chromium, click on the
padlock next to address bar. On Connection tab,
choose Certificate information.
Go to Details tab and
click on Export to
export the certificate.
Next is to import this certificate into
our ownCloud instance. After enabling External storage support
in app management, enable user external storage in admin settings.
Make sure that ownCloud is checked.
In Personal settings,
try to mount the other instance into yours. Enter the URL of the
instance without HTTP or HTTPS prefix and check the Secure
checkbox. You will (most likely) get a red indicator showing that
there is a problem with the setup:
This means that we
need to import the server certificate into our instance to tell that
the connection can be trusted.
Scroll
down and find the SSL root certificates
field. Click on Import and
find the certificate that you have just exported.
Now
back to the External storage
field, you will be seeing that the indicator is green and the
connection is successful. If you go to Files app, you will be seeing
that the new external folder named ownCloud shown
using different icon.
If you have
imported your certificate, but still getting red indicator, make sure
that the Common Name has the same with the URL of the instance.
