So I am currently testing NextCloud + Collabora on a private network before deploying. To do this I am obviously using self-signed SSL certs, but this creates some problems.
When trying to open an opt file in NextCloud I get the following error:
GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate in certificate chain
Does anyone know how to overcome this?
When I use self signed certificates I create first my own certificate authority and then add this certificate authority to the debian 9 system
- convert the root CA from pem to crt
- copy root CA crt to /usr/share/ca-certificates
- run dpkg-reconfigure ca-certificates
Further I add the root CA to the nextcloud server system
- open the root CA (pem format) in a text editor
- open the file resources/config/ca-bundle.crt in a text editor (file is part of nextcloud)
- create an new entry at the end of ca-bundle.crt and paste the root CA in it
- open the file files_external/rootcerts.crt (file is part of the nextcloud data folder)
- create an new entry at the end of rootcerts.crt and paste the root CA in it
Next I create with openssl a key.pem and a csr.pem file for lool.example.com. Sign the the csr.pem with the root CA.
Then I use the lool.example.com.key.pem and the lool.example.com.cert.pem in my lool.example.com-ssl.conf file in /etc/apache2/sites-available which also holds the proxy configuration for collabora.
And finally I adapt the loolwsd.xml and add the absolut path to the key.pem and cert.pem used in the lool.example.com-ssl.conf.
Don’t forget to add the ca-chain.cert.pem in loolwsd.xml and lool.example.com-ssl.conf
In order to create the root CA ca.cert.pem and the ca-chain.cert.pem I followed the how to from Jamie. See