OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: muchacha_grande on August 01, 2018, 06:48:26 pm
-
Hi,
I have a Nextcloud server with a self-signed certificate and I can't connect with OPNSense to backup the configuration.
This is what the log file shows when I enable Nextcloud in OPNSense:
{
"url":"https:\/\/cloud.xxxxxx.xxx\/remote.php\/dav\/files\/fjm\/",
"content_type":null,
"http_code":0,
"header_size":0,
"request_size":0,
"filetime":-1,
"ssl_verify_result":18,
"redirect_count":0,
"total_time":0.106457,
"namelookup_time":0.006754,
"connect_time":0.018284,
"pretransfer_time":0,
"size_upload":0,
"size_download":0,
"speed_download":0,
"speed_upload":0,
"download_content_length":-1,
"upload_content_length":-1,
"starttransfer_time":0,
"redirect_time":0,
"redirect_url":"",
"primary_ip":"192.168.2.4",
"certinfo":[],
"primary_port":443,
"local_ip":"192.168.2.1",
"local_port":2322
}
Any help will be appreciated.
Cheers,
-
Hello muchacha_grande,
There is 'ssl_verify_result":18' which I quote from https://www.openssl.org/docs/man1.0.2/apps/verify.html
18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates.
This suggest OPNsense is not able to verify this certificate (root-nss.crt).
Or add it to the store.
Or have a look on how to do it proper: https://wiki.opnsense.org/manual/how-tos/self-signed-chain.html ;)
Succes mark
-
Well, I see.. now it works ;)... thank you...
Now, I have a question... Provided that I just added the existing self signed certificate of my Nextcloud server to ca-root-nss.crt using the cat sentences explained in the docs... will this crt file be overwritten in the future, for example, in an upgrade of OPNSense?
And, another question, is it possible to choose a path to save de configurations instead of just a root directory?
Thank you again and regards
-
Now, I have a question... Provided that I just added the existing self signed certificate of my Nextcloud server to ca-root-nss.crt using the cat sentences explained in the docs... will this crt file be overwritten in the future, for example, in an upgrade of OPNSense?
yes - when the ca certificates are updated. It should not happen often.
And, another question, is it possible to choose a path to save de configurations instead of just a root directory?
It is a directory in the root directory - or what do you want to say?
-
I have an external storage drive accessed from Nextcloud via SMB/CIFS protocol.
I wanted to use a certain path inside this share to store configs and backups.
For example in the path /data/Backup/Configs/OPNSense, "data" is the name of the shared SMB/CIFS resource.
-
Glad to hear the guide works for you 8)
Should this not be handled with Nextcloud self.
I mean the storage you give to Nextcloud can be 'anything' just the path to Nextcloud from OPNsense is handled by OPNsense.
Greetings mark