First things first, set up DNS to point owncloud.stephen-scotter.net to the correct IP address. Failing to do this at the beginning will cause you problems.
Next, edit /usr/pbi/owncloud-amd64/www/owncloud/config/config.php (within the jail) and add your new hostname to the trusted_domains setting. If you plan on changing the port, add that now as well.
'trusted_domains' =>
array (
  0 => '192.168.150.33',
  1 => 'owncloud.stephen-scotter.net',
  2 => 'owncloud.stephen-scotter.net:5443',
),
Create SSL Certificates
To paraphrase Mathias Johansson, do the following…
[steve@freenas] /# jls
   JID  IP Address      Hostname                      Path
     1  -               plexmediaserver_1             /mnt/zfs1/jails/plexmediaserver_1
     3  -               owncloud_1                    /mnt/zfs1/jails/owncloud_1
So in my case my ownCloud JID is 3.
[steve@freenas] /# jexec "3" /bin/tcsh
root@owncloud_1:/ #
Create a keys directory in /tmp and cd to it
root@owncloud_1:/ # cd /tmp && mkdir keys && cd keys
Generate key file
root@owncloud_1:/tmp/keys # openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...++++++
........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Enter any password you like; you'll only need it during the key creation process, and we'll remove the passphrase from the key at the end of the process so that Apache does not prompt for it when it starts.
Generate certificate request
root@owncloud_1:/tmp/keys # openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Warwickshire
Locality Name (eg, city) []:Nuneaton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ScotterSoft
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) [ownCloud]:owncloud.stephen-scotter.net
Email Address []:certs@stephen-scotter.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
When prompted for “Enter pass phrase for server.key”, use the password you entered in the previous step. When prompted for a challenge password, leave it blank.
Remove the password from the key file after having made a backup
root@owncloud_1:/tmp/keys # cp server.key server.key.org
root@owncloud_1:/tmp/keys # openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
Create a signed certificate which lasts 50 years (I don't want to be doing this every year!)
root@owncloud_1:/tmp/keys # openssl x509 -req -days 18250 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=GB/ST=Warwickshire/L=Nuneaton/O=ScotterSoft/OU=IT/CN=owncloud.stephen-scotter.net/emailAddress=certs@stephen-scotter.net
Getting Private key
Copy the new certificate files to the correct location
root@owncloud_1:/tmp/keys # cp server.crt /usr/pbi/owncloud-amd64/etc/apache22/
root@owncloud_1:/tmp/keys # cp server.key /usr/pbi/owncloud-amd64/etc/apache22/
Restart apache
root@owncloud_1:/tmp/keys # service apache22 restart
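A check for the files produced above, as an added example that is not part of the original post: it confirms that server.key belongs to server.crt, that the passphrase really was removed, that the key is not readable by group or others, and that the key meets a minimum size. The function names and the 2048-bit minimum are assumptions of this example (the 1024-bit key generated above would be reported); run it with sh inside the jail.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before installing it.
# MIN_BITS is this example's assumption, not a value taken from the page.
MIN_BITS=2048

# Print the public key size, in bits, recorded in a certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 only if the key matches the certificate, the key is at least
# MIN_BITS long, and the key file is not readable by group or others.
check_cert_pair() {
    cert=$1; key=$2; rc=0
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot read certificate $cert"; return 2; }
    # An empty -passin makes a still-encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "FAIL: $key is unreadable or still passphrase-protected"; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi
    bits=$(cert_bits "$cert")
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "FAIL: ${bits:-unknown}-bit key is below $MIN_BITS bits"; rc=1
    fi
    # POSIX find: prints the path if the group-read or other-read bit is set.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "FAIL: $key is readable by group or others (chmod 600 it)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key match ($bits bits, key is private)"
    return "$rc"
}

# Constructed sample input: a throwaway self-signed pair for trying the check.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Usage: sh check_pair.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

The same check works on the copies under /usr/pbi/owncloud-amd64/etc/apache22/ after the files have been installed.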
Extra
If you want your computer(s) to not show the "This certificate is not valid" type errors, add server.crt to your computer's Trusted Root Certification Authorities in IE.
—
Change SSL Port (2nd attempt, ran into problems with first attempt a few weeks back)
nano /pbi/owncloud-amd64/etc/apache22/extra/httpd-ssl.conf
Edit all instances of 443 to the new port number.
Line:Text
---------
35:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
37:Listen 5443
74:<VirtualHost _default_:5443>
78:ServerName www.example.com:5443
Restart apache
root@owncloud_1:/tmp/keys # service apache22 restart