nextcloud.enable-https custom parameters #1254
Comments
So are these still self-signed? If so, mind if I ask why you want to use them instead of the one the snap can generate for you? Regardless, the "chain" is a file that allows you to specify all the CA certificates that form the certification chain of your cert. If your cert is self-signed, just re-use your own cert, e.g.:
Any ideas on how to make this work? I believe there is an inconsistency between documentation and actual functionality.
That's true, but it re-creates it periodically.
And thus the problem. My users do not appreciate the random requests to trust the new certificates. Also, under macOS (some of my users) the calendar will not just allow the user to trust the certificates. You have to manually copy them to each computer's certificate store and tell the OS that you trust them. This quickly gets to be a nuisance. As we are an isolated network, just using the tools for encrypted communications to discourage nosiness, we would like to use much longer-lived certificates. The part that works as documented does not really meet our needs.
I found the stumbling point. The command works to replace the default self-signed certificate with my own, but only if I set the creator information for my self-signed cert exactly as is done internally. The certificate and private key must be created with the following command:
Yes, I want the certificate to last 5 years (I change it more often). So I assume the issue is what the settings are when Nextcloud is operating as I have, without a FQDN. If it was, I would, of course, use Let's Encrypt. Maybe this info will help someone, or could be added to the instructions somewhere. The issue reflects lots of moving parts that must all be synchronized. An alternative, which I believe would make the snap more useful: accept a user-adjustable regeneration interval for the self-signed certificate.
This issue is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.
Found this after googling some related Nextcloud self-signed cert issues, and can add (yes, I see that this issue is closed) that in the latest snap (20.0.4), the self-signed certs work with the command listed above. But if you try to get iPhone users to install certs with a 5-year lifespan, it will not work, due to the 825-day limit in recent iOS versions. It will work, however, if you create a self-signed root CA cert, install that in the users' devices, and use the CA cert to sign new Nextcloud certs periodically.
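The approach described in the comment above (a private root CA installed on the devices, with server certificates re-signed periodically under the 825-day limit), as an added example that is not from this thread or from the snap project. The host name, file names and lifetimes are assumptions; the output is a certificate, private key and chain file of the kind discussed in this issue.

```shell
#!/bin/sh
# Added example: private root CA that signs short-lived server certificates.
# NC_HOST, file names and lifetimes are assumptions, not values from the thread.
NC_HOST="${NC_HOST:-nextcloud.lan.example}"
CA_DAYS="${CA_DAYS:-3650}"
LEAF_DAYS="${LEAF_DAYS:-365}"    # must stay under the 825-day client limit

make_ca() {      # $1 = work dir; writes ca.key (keep offline) and ca.pem
    mkdir -p "$1" || return 1
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days "$CA_DAYS" \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_leaf() {   # $1 = work dir; writes cert.pem, privkey.pem, chain.pem
    cat > "$1/leaf.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $NC_HOST
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$NC_HOST
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$1/leaf.cnf" \
        -keyout "$1/privkey.pem" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days "$LEAF_DAYS" \
        -extfile "$1/leaf.cnf" -extensions v3_leaf -out "$1/cert.pem" 2>/dev/null &&
    cp "$1/ca.pem" "$1/chain.pem"   # chain = the CA cert(s) above the leaf
}

check_leaf() {   # succeeds only if the leaf chains to the CA and expires within 825 days
    openssl verify -CAfile "$1/chain.pem" "$1/cert.pem" >/dev/null 2>&1 &&
    ! openssl x509 -in "$1/cert.pem" -noout -checkend $((825 * 86400)) >/dev/null 2>&1
}
```

Only `ca.pem` is distributed to client trust stores; renewing the server certificate is a repeat of `issue_leaf` with the same CA, so clients are not asked to trust anything new.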
Hi,
I have a running snap of Nextcloud 16.0.8 on a fresh Ubuntu Server 18.04 with self-signed certificate HTTPS, and I want to move to a custom certificate, but I am finding the custom help confusing.
Using openssl I have generated the certificate (cert.csr and .pem), a private key (key.pem) and a public key to use in the davfs2 connection.
When getting help from the command I get your information:
I am new to openssl as you can probably tell, but the parameter list **nextcloud.enable-https custom [-h -s]** does not specify what a chain file is, and I cannot find an explanation. I assume that all the files in this parameter list are .pam, but I have no confirmation of that. Could you give some insight into what the parameters are and the correct file type?
Also probably I should get a ticket for the manual because I am putting myself in this situation after being unable to find the file "mycertificate.pem" from Creating WebDAV mounts on the Linux command line: Known Issues.
I have tried to find it, without success:
# find /snap/nextcloud/ pem | grep mycertificate.pem
If I look for all the files containing pem I don't see any clear candidate for the certificate used in https
find /snap/nextcloud/ pem | grep .pem
I hope you find this issue interesting and maybe can bring some more explanations to both the help command and that particular point of the manual.