To access and sync my ownCloud's calendar and contacts with my Android phone in a (more-or-less) secure manner through HTTPS, I needed to get an SSL/TLS certificate. Or, more precisely: a self-signed root CA (Certification Authority) certificate.
After searching for how-tos and creating a bunch of CA certificates, normal certificates, signing them, signing them vice-versa etc. -- yes, I don't really have a clue -- I mostly ran into one of these errors:
- when signing normal cert with CA cert: "not self-signed"
- when self-signing normal cert with itself: "no Basic Constraint CA flag"
Then I finally found this one-liner (https://langui.sh/2009/01/18/openssl-self-signed-ca/) that does the job just fine:
$ openssl req -newkey rsa:2048 -days 365 -x509 -nodes -out root.cer
Make sure to use the domain name you want to use this certificate on as the Common Name (CN).
This creates a certificate file (named as defined in the -out parameter) and a key file, named 'privkey.pem' in my case. I had to upload this in the admin interface of my shared hoster, and 5 minutes later the certificate was installed and accepted by DAVDroid, the Android syncing app.
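The properties behind the two error messages above can be checked before uploading anything. The following is an added example, not part of the original post: it runs the same one-liner non-interactively and then verifies that the result is self-signed, carries the Basic Constraints CA flag, has the intended CN and matches its key file. The host name cloud.example.org, the function names and the minimal config file (used so the CA flag does not depend on the system's openssl.cnf) are assumptions.

```shell
#!/bin/sh
# Added example; cloud.example.org and the function names are placeholders.
# make_cert DIR CN TRUE|FALSE: the one-liner, non-interactive, with the
# Basic Constraints CA flag set explicitly in a minimal config file.
make_cert() {
    cat > "$1/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -config "$1/req.cnf" -newkey rsa:2048 -days 365 -x509 -nodes \
        -keyout "$1/privkey.pem" -out "$1/root.cer" 2>/dev/null
}
# A self-signed certificate has identical subject and issuer.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}
# A root CA certificate must carry Basic Constraints CA:TRUE.
has_ca_flag() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}
# The public key in the certificate must be the one from the key file.
key_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey)
    k=$(openssl pkey -in "$2" -pubout)
    [ -n "$c" ] && [ "$c" = "$k" ]
}
# Print the Common Name so it can be compared with the intended domain.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}
# Demo run in a throwaway directory.
d=$(mktemp -d)
make_cert "$d" cloud.example.org TRUE
is_self_signed "$d/root.cer" && has_ca_flag "$d/root.cer" \
    && key_matches "$d/root.cer" "$d/privkey.pem" \
    && echo "root.cer: self-signed CA for $(cert_cn "$d/root.cer")"
rm -rf "$d"
```

Calling make_cert with FALSE as the third argument produces a certificate that is still self-signed but fails has_ca_flag, which is the condition the "no Basic Constraint CA flag" message describes.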
Thanks for the hints. I actually thought about that. The one-liner was pretty much copy-pasted, although I understand what it does now.
I'll definitely increase the size.
I'm not sure about the expiration: I only use the certificate myself and won't issue and sign other certificates with it. Isn't it more secure (albeit a bit of work, of course) to trash a certificate from time to time?