Taco Steemers

A personal blog.
☼ / ☾

Configuring an Apache installation for use with the SSL protocol

Is your ownCloud client saying Failed to connect to ownCloud: Connection refused ?

A possible cause could be that the webserver that is serving your ownCloud does not have SSL enabled. In this note I will describe how I did that for my own Apache 2 install. If you do a websearch for apache2 ssl you will probably find many search results, but none of the pages I found applied to the install I had - all used different files and directories. For that reason I am posting this note.

If you are using the Apache web server, a version close to 2.2, you can probably enable SSL the way it is outlined in this note. To find out which version of Apache my server has, I ran apache2 -v on it. 

$ apache2 -v
Server version: Apache/2.2.22 (Debian)
Server built:   Mar  4 2013 22:05:16

We will now create a private key and a certificate, but before we do that, we should create and navigate to the /us/lib/apache2/ssl/ directory. Our server is called server1. This is what we will enter as the 'common name' when we are asked for it. We can create a key/certificate pair with the following example command: 

openssl req -new -newkey rsa:2048 -nodes -keyout server1.key -out server1.csr

It willl probably make sense to add something like -days 365 , which indicates how long the certificate should be valid. In my case it does not seem necessary, as both server and clients are on my personal network.

Now we need to tell Apache to use it. We make sure the top of our site configuration, which is contained in /etc/apache2/sites-available/default by default, looks like this: 

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName server1:443

We also add the following: 

    SSLEngine on
    SSLCertificateKeyFile /etc/apache2/ssl/server1.key
    SSLCertificateFile /etc/apache2/ssl/server1.crt

We will instruct Apache to use the 'mod_ssl' module , which uses OpenSSL . Install it if it isn't installed yet (check /usr/lib/apache2/modules/ to see if it is installed). We can use a2enmod ssl and a2ensite default-ssl to enable 'mod_ssl' for us. The latter enables it specifically for the website listed in /etc/apache2/sites-available/default .

We can also do it manually. If we check which files are listed in /etc/apache2/mods-available , we should find ssl.conf and ssl.load . We will now create symbolic links to these files in the /etc/apache2/mods-enabled directory, that way Apache knows we want these mods to be enabled. 

cd /etc/apache2/mods-enabled
ln -s ../mods-available/ssl.conf ssl.conf
ln -s ../mods-available/ssl.load ssl.load

mod_ssl is now enabled.

Now the apache2 server needs to be restarted. One can use 

service apache2 reload

on modern Debian(-based) installs.

Your owncloud should now be reachable on 'https:// <server> /owncloud'. Of course, your ownCloud client and web browser will ask you if you trust this self-signed certificate. 

Warnings about current SSL Connection:
The host name did not match any of the valid hosts for this certificate
The certificate is self-signed, and untrusted

...
...

In this case I'm fine with this - I can check the certificate details myself, and am only really using the certificate to get my own ownCloud client working with my own ownCloud server.