Try the fastest and simplest way to install ONLYOFFICE

can 9.6 use self signed certs??

Issues during installation and related to database

Re: can 9.6 use self signed certs??

Postby Maxim » Tue Jul 17, 2018 7:22 am

Hello knife-grinder!
1. See here. If you use docker you need to enable from docker community-server container
2. You can install Onlyoffice Enterprise Edition and using Control panel generate SSL certs for your domain and replace them to your current server
/app/onlyoffice/CommunityServer/data/certs
how to install intermediate certs?

Copy your certificate in PEM format (the format that has ----BEGIN CERTIFICATE---- in it) into usr/local/share/ca-certificates and name it with a .crt file extension.
Code: Select all
Then run sudo update-ca-certificates.
Maxim
 
Posts: 1747
Joined: Tue Oct 11, 2016 2:34 pm

Re: can 9.6 use self signed certs??

Postby knife-grinder » Tue Jul 17, 2018 2:41 pm

Hi Maxim,
I did as you suggested and now I have our company as a trusted CA, I restarted the supervisor service but nothing changed.

I'd like to avoid the control of self-signed certificate, I did the same on the OwnCloud app but by code 'cause I couldn't find the right config place to set that behaviour.
I can tell you that disabling this check is a temporary solution, we are evaluating to get a real certificate released by a public CA but for now is on production for internal use only, then we'll move on for public use.

Any help is appreciated.

TIA
knife-grinder
 
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Postby ivanbishop » Thu Jul 19, 2018 4:09 pm

Never user intermediate certs, you mean a cert chain?

Anyway, this is a good thread. Is letsencrypt covered elsewhere and IS it secure from man in the middle attacks...
given they are generating the things I believe

It would be good to add this process to the MAIN community page?
thanks
ivanbishop
 
Posts: 5
Joined: Wed Jul 04, 2018 12:16 am

Re: can 9.6 use self signed certs??

Postby knife-grinder » Tue Jul 24, 2018 2:48 pm

Hi all,
I took some improve on my configuration issues.

At first I found the place where to change the behavior and let the FileConverter accept the self-signed certificate (line 72 on my /etc/onlyoffice/documentserver/default.json):
Code: Select all
"services": {
    "CoAuthoring": {
        "rejectUnauthorized": false
      },


Now I have a new problem but it's OT in this thread so I will look in some other place.
But, can someone link me where I can find a solution? The problem now is:
Code: Select all
[2018-07-23 17:46:33.174] [ERROR] nodeJS - error downloadFile:url=https://www.ourcloud.com/index.php/apps/onlyoffice/empty?doc=OEtOL0FvSVFqVFdGQ0g2blRhekhMWE9pYnRid0g2K0llVDdEM29XeU5Yaz0/eyJhY3Rpb24iOiJlbXB0eSJ9;attempt=3
;code:undefined;connect:undefined;(id=conv_check_651238131_docx)
Error: Error response: statusCode:403 ;body:
{"message":"Access denied"}
    at Request._callback (/var/www/onlyoffice/documentserver/server/Common/sources/utils.js:250:18)
    at Request.self.callback (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:185:22)
    at emitTwo (events.js:106:13)
    at Request.emit (events.js:191:7)
    at Request.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1157:10)
    at emitOne (events.js:96:13)
    at Request.emit (events.js:188:7)
    at IncomingMessage.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1079:12)
    at IncomingMessage.g (events.js:292:16)
    at emitNone (events.js:91:20)


Any help is appreciated

TIA
knife-grinder
 
Posts: 8
Joined: Wed Jul 11, 2018 11:40 am

Re: can 9.6 use self signed certs??

Postby Maxim » Wed Jul 25, 2018 10:48 am

Hello!
Code: Select all
"services": {
    "CoAuthoring": {
        "rejectUnauthorized": false
      },

Document Server will verify SSL certs or not.

Error: Error response: statusCode:403 - indicates that the server understood the request but refuses to authorize it. I mean i do not know what is the reason but smth. stops connection, maybe you should check JWT
Maxim
 
Posts: 1747
Joined: Tue Oct 11, 2016 2:34 pm

Previous

Return to Installation issues

Who is online

Users browsing this forum: No registered users and 2 guests