Strong SSL Security on OwnCloud

By | February 6, 2015

Having an OwnCloud installation on the home network is very useful but to use it at the maximum potential you got to open it to the world.

One of the best tutorials to install OwnCloud on Fedora 20+ is the online tutorial from BitFresh.

By following all the steps you get a nice secure OwnCloud installation as a start.

What is the tutorial lacking is the next step in securing the site, the step after which we can get an A rating for SSL security.

The best way to test how secure is your newly installed site is to go to the Qualys SSL Lab test page. There your site will be analyzed for all the current known weaknesses.

You will notice that the list of vulnerabilities in the standard Fedora+apache+Onwcloud installation is quite extensive. As a result there a lot of holes that must be closed.

The tutorial I followed to start closing the security holes is Strong SSL Security on Apache2 . Of course there are some changes from that tutorial. During the frequent iteration steps of changing settings and retesting the site with the Qualys SSL Lab test page. there were some extra changes.

The end result for the owncloud.conf configuration file for apache looks like the following:

Some things to note:

As a result I got a nice A rating if you do not take into account the trust issues caused by the fact that I use a self signed certificate.

SSLTest

Update:

By switching from self signed to LetsEnrcypt certificates I was able to easy get an A+ rating

Advertisements