• 0

SSL Certs for home server - Configuring


Question

Hi Folks,

I'm getting a bit mixed up in regard to what I need to do in order to progress and get my server on the internet in as secure a manner as possible.

 

I have a server running Ubuntu and Owncloud which I intend to harden up by configuring SSL and then allowing it access to the internet on specific ports. For all intents and purposes though, this is Ubuntu with Apache and SSL.

 

So currently I have a domain name which points to my home IP address - let's call it

 

www.homenet.com

 

On my server behind my router (with no forwarding at all configured right now) I have opencloud running on, for example:

 

192.168.0.2/owncloud

 

And it's this I want to make available on the internet.

 

So say I want to generate a secure certificate: I can do a self-signed one or I can get one from my domain name provider. Now, I'm not running a payments site here or anything, it's simply my own cloud server, so I want security but it doesn't have to be Fort Knox, and my domain name provider will give me a free one.

 

So what do I do? Do I generate a certificate from my domain name provider for www.homenet.com and put that on my server, then open up port 443 on my router to test? Or do I generate a self-signed one for 192.168.0.2/owncloud or something similar and get it up and running first with HTTPS locally? I assume once I'm happy I can generate a proper cert with my domain name provider.

 

I should add that I can't access my server on HTTPS internally at the moment as there is no cert configured.

 

If the above isn't quite making sense, it's probably because I'm making a lot of assumptions here about how I think this should work, so feel free to correct me or suggest alternatives to my thinking.

 

Thanks


3 answers to this question

  • 0

I don't think it's really necessary to purchase an SSL certificate for something you're using internally. A self signed certificate should work fine as long as you add your Ubuntu server as a Certificate Authority on the devices you use to access it. 

 

I do want to stress the importance of using a VPN for this. You are passing personal data to this device using a domain name (remember the old rule of anything on the internet is public). Using a VPN would allow you to control how many users can access your server by requiring they are on your internal network (aka logged into a VPN). ;-)


  • 0

I managed to work this out: whilst I was setting up my server I used a self-signed certificate, then when I got it how I wanted it to work and opened it up to the internet I went and got a free cert from Comodo, which allowed my site to work without warnings.

 

Seems easy now I know what I should be doing.


  • 0

I use StartSSL certs for anything which isn't going to be accessed by just me - but if you're the only person using it, self-signed certs are fine. They're not less secure, they just don't have a trusted authority - but you know the authority - you can trust yourself!

 

That said, I'd recommend StartSSL over Comodo - their web interface is a pain in the backside, but they offer 1 year certificates. Certs cover domain+1 subdomain, but you can have multiple certs. If you want a wildcard you'd have to pay for it.


This topic is now closed to further replies.
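
The self-signed setup the answers describe for testing HTTPS locally, as an added example that is not part of any post in this thread. It assumes OpenSSL 1.1.1 or later (for `-addext`) and uses the question's placeholder names www.homenet.com and 192.168.0.2; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Names and paths are assumptions.

# make_selfsigned DIR HOSTNAME LAN_IP
# Writes DIR/server.key and DIR/server.crt (valid 365 days). Both the public
# name and the LAN address go into subjectAltName, because browsers match
# the SAN entries and ignore the CN.
make_selfsigned() {
    dir=$1 host=$2 ip=$3
    mkdir -p "$dir" || return 1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$ip" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/server.key"   # private key readable by its owner only
}

# cert_lists CERT ENTRY
# Exit 0 if ENTRY (e.g. "DNS:name" or "IP Address:1.2.3.4") is exactly one of
# the certificate's SAN entries.
cert_lists() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -F -x -q "$2"
}

# key_matches_cert CERT KEY
# Exit 0 if KEY is the private key for CERT. Worth re-running when the
# self-signed cert is later swapped for a CA-issued one.
key_matches_cert() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo in a scratch directory. On the server, Apache's SSLCertificateFile and
# SSLCertificateKeyFile directives would point at these two files.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" www.homenet.com 192.168.0.2 &&
    cert_lists "$demo_dir/server.crt" "DNS:www.homenet.com" &&
    key_matches_cert "$demo_dir/server.crt" "$demo_dir/server.key" &&
    echo "self-signed cert ready in $demo_dir"
```

Because the certificate lists both names, the same file works when browsing to the LAN address before port 443 is forwarded and to the domain name afterwards.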