First things first : https

2014-09-15 - Comments are closed

When you're about to setup an your own owncloud, and when you know you will be using your owncloud mainly through a GSM network, the first thing you need is an SSL certificate, so that regular users wont be able to spy on your communications.

The first option I had in mind was to create a stupid self-signed certificate.

And I did it.
It worked.
Honest.

But problem is, when you do that, you have to import the certificate in all the browsers and client you're about to use... Plus, android was sending me warnings all the time after I imported the self-signed Authority Certificate "be careful, network is |ns3cur3, d00d".

So my second option was to obtain a trusted certificate, signed by a trusted authorized. And honestly I did not want to spend money on it. It was for my own personnal usage, for the gods sake. So after a few research, I found 3 authorities doing this :

While Gandi can actually provides a one-time 1-year SSL certificate, and while cacert is not recognized by Android, http://startssl.com can actually offer you a 1-year SSL certificate. For free. And when the certificate expires, you can just create another one. And, cherry on the top, startssl is a trusted authority on android.

There are some limitations, of course. But for a single stupid https vhost it was enough.

And voila.

Tags de l'article : Lighttpd, SSL, https