Self Signed Certificates and Collabora

ℹ️ Support πŸ“„ Collabora
1

So I am currently testing NextCloud + Collabora on a private network before deploying. To do this I am obviously using self-signed SSL certs, but this creates some problems.

When trying to open an opt file in NextCloud I get the following error:

GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate in certificate chain

Does anyone know how to overcome this?

Thanks.

2

When I use self signed certificates I create first my own certificate authority and then add this certificate authority to the debian 9 system

  1. convert the root CA from pem to crt
  2. copy root CA crt to /usr/share/ca-certificates
  3. run dpkg-reconfigure ca-certificates

Further I add the root CA to the nextcloud server system

  1. open the root CA (pem format) in a text editor
  2. open the file resources/config/ca-bundle.crt in a text editor (file is part of nextcloud)
  3. create an new entry at the end of ca-bundle.crt and paste the root CA in it
  4. open the file files_external/rootcerts.crt (file is part of the nextcloud data folder)
  5. create an new entry at the end of rootcerts.crt and paste the root CA in it

Next I create with openssl a key.pem and a csr.pem file for lool.example.com. Sign the the csr.pem with the root CA.
Then I use the lool.example.com.key.pem and the lool.example.com.cert.pem in my lool.example.com-ssl.conf file in /etc/apache2/sites-available which also holds the proxy configuration for collabora.

And finally I adapt the loolwsd.xml and add the absolut path to the key.pem and cert.pem used in the lool.example.com-ssl.conf.

Don’t forget to add the ca-chain.cert.pem in loolwsd.xml and lool.example.com-ssl.conf

In order to create the root CA ca.cert.pem and the ca-chain.cert.pem I followed the how to from Jamie. See
https://jamielinux.com/docs/openssl-certificate-authority/index.html