FreeNAS, Ownclound, SSL (change Port?)

By | May 6, 2014

First things first, setup DNS to point to correct IP address. Failing to do this at the beginning will cause your problems.

Next, edit /usr/pbi/owncloud-amd64/www/owncloud/config/config.php (within the jail) and add your new hostname to the trusted_domains setting. If you plan of changing the Port, add that now as well.

'trusted_domains' =>
   array (
      0 => '',
      1 => '',
      2 => '',

Create SSL Certificates

To power phrase Mathias Johansson, do the following…

[steve@freenas] /# jls
 JID IP Address Hostname Path
 1 - plexmediaserver_1 /mnt/zfs1/jails/plexmediaserver_1
 3 - owncloud_1 /mnt/zfs1/jails/owncloud_1

so in my case my OwnCloud JID is 3

[steve@freenas] /# jexec “3” /bin/tcsh
root@owncloud_1:/ #

Create a keys direcoty in tmp and CD to it

root@owncloud_1:/ # cd /tmp && mkdir keys && cd keys

Generate key file

root@owncloud_1:/tmp/keys # openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

Enter any password you like, you’ll only need it during the key creation process and we’ll remove the key from the certificate at the end of the process to avoid apache prompting for it when it starts.

Generate certificate request

root@owncloud_1:/tmp/keys # openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Warwickshire
Locality Name (eg, city) []:Nuneaton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ScotterSoft
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) [ownCloud]
Email Address []
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

When prompted for “Enter pass phrase for server.key”, use the password you entered in the previous step. When prompted for a challenge password, leave it blank.

Remove the password from the key file after having made a backup

root@owncloud_1:/tmp/keys # cp server.key
root@owncloud_1:/tmp/keys # openssl rsa -in -out server.key
Enter pass phrase for
writing RSA key

Create signed certificate which lasts 50 years (I dont want to be doing this every year!)

root@owncloud_1:/tmp/keys # openssl x509 -req -days 18250 -in server.csr -signkey server.key -out server.crt
Signature ok
Getting Private key

Copy new certifictae files to correct location

root@owncloud_1:/tmp/keys # cp server.crt /usr/pbi/owncloud-amd64/etc/apache22/
root@owncloud_1:/tmp/keys # cp server.key /usr/pbi/owncloud-amd64/etc/apache22/

Restart apache

root@owncloud_1:/tmp/keys # service apache22 restart


If you want your computer(s) to not show the “This certificate is not valid” type errors, add server.crt to your computers Trusted Root Certificate Authorities in IE

Change SSL Port (2nd attempt, ran into problems with first attempt a few weeks back)

Nano /pbi/owncloud-amd64/etc/apache22/extra/httpd-ssl.conf

Edit all instants of 443 to new port number.

35:# Listen directives: "Listen [::]:443" and "Listen"
37:Listen 5443
74:<VirtualHost _default_:5443>

Restart apache

root@owncloud_1:/tmp/keys # service apache22 restart