Insecure https connection


#1

Hi!

When accessing the web interface or owncloud I get the message in the URL box in my browser that the connection is insecure and something about certificates. Any idea how I can make the connection (the certificate) get verified?

Thanks!


(Rob Bosch) #2

Your server certificate needs to be in the trusted certificates in your browser. Adding it manually can be tedious, especially when you have a lot of clients.
Maybe NethServer should have a certificate module that automatically uses something like https://letsencrypt.org/


(Alessio Fattorini) #3

You can also buy and install it:
http://docs.nethserver.org/en/latest/base_system.html?highlight=certificate#install-a-custom-certificate

I bet that @giacomo can add more details about letsencrypt dev status :smile:
http://dev.nethserver.org/issues/3355


#4

Could you describe how I can add this certificate manually (or where I can find the certificate on the server)?


(Alessio Fattorini) #5

Check my link above! :wink:


(Giacomo Sanchietti) #6

If you want to try it, I just pushed Let’s Encrypt support for NS 6.
See: http://dev.nethserver.org/issues/3355


(Alessio Fattorini) #7

That’s really good news! Thanks for sharing. @dz00te would you mind adding it to your list?


#8

I generated the certificate and can see it, but I am not sure how to install it in a browser. Since I have to import a .crt file I guess, do I just have to copy the certificate into a text file and save it as .crt?


(Alessio Fattorini) #9

You may put the crt here:

/etc/pki/tls/certs/

and your key here:

/etc/pki/tls/private

Then

db configuration setprop pki CrtFile '/etc/pki/tls/certs/your_certificate.crt'
db configuration setprop pki KeyFile '/etc/pki/tls/private/your_privatekey.key'

Lastly:

signal-event certificate-update
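
Added example, not part of the original thread or of NethServer: a pre-flight check to run on the two files before the `db configuration setprop pki ...` and `signal-event certificate-update` steps above. It uses only standard `openssl` subcommands; the function name `check_cert_pair` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check for a custom certificate and its private key.
# check_cert_pair is a hypothetical helper written for this example.
# Exit codes (chosen here): 0 ok, 2 unreadable file, 3 key mismatch,
# 4 expired certificate, 5 private key readable by group or others.

check_cert_pair() {
    crt=$1
    key=$2

    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $crt" >&2; return 2; }

    # Public key derived from the private key. "-passin pass:" prevents an
    # interactive prompt; a passphrase-protected key is reported as unparseable.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot parse private key: $key" >&2; return 2; }

    # The pair belongs together only if both public keys are identical.
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 3
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 4; }

    # The private key must not be readable by group or others.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key is readable by group or others: $key" >&2
        return 5
    fi

    echo "OK: $(openssl x509 -in "$crt" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage: sh check.sh /etc/pki/tls/certs/your_certificate.crt \
#                    /etc/pki/tls/private/your_privatekey.key
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

Only when the check returns 0 is it worth continuing with the `setprop` and `signal-event` commands from the post above.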

#10

Yes I read that, but still my question remains: how do I get the .crt and .key files? I generated the certificate and I see it in the web interface. Where are those files saved and under what name on the server?


(Alessio Fattorini) #11

Maybe I wasn’t clear enough: you have to buy them from your certification authority and install them on NethServer.


#12

I see. Since Let’s Encrypt is a certification authority I could use this, right (and it is free)?


(Giacomo Sanchietti) #13

Yes it is.
You can try it by installing the packages from testing and following the instructions written inside the issue.

I’m doing a little fix, if you can wait a couple of hours I will also put a mini-howto on discourse :smile:


(Alessio Fattorini) #14

OK, I’m not speaking about Let’s Encrypt here. Let’s Encrypt isn’t supported yet since it is currently in QA: http://dev.nethserver.org/issues/3355
I was referring to installing a custom certificate obtained from a CA.


#15

That would be great. Thanks! I will wait then :smile:

Yes I understand. I was just asking. Thanks!


(Giacomo Sanchietti) #16

Take a look at: NethServer 6.7 02/16 updates & Let's Encrypt


#17

Many thanks for this!

Since I just use a public IP address to reach the server from outside - is it possible to set this up (Let’s Encrypt) without having a public domain name?


(Giacomo Sanchietti) #18

No, it’s not.
But you could use a free domain name service (like https://freedns.afraid.org/).