[SOVED] Get a Certificate for Home-made server

boina · 2015-12-23 15:03:05

I know this is not an Archlinux-related topic but coming to the Arch community for help proves to be great.
I have an Owncloud server at my home PC and it's working very good. The issue that I would like to address now is that when sharing files with work members and/or friends, they freak out when the they have to accept and exception to the self-signed certificate (I warn them about that).
So, I went to https://letsencrypt.org/ to get a free certificate but I need to provide a Domain Name. What I know is that I have a fixed IP but don't think that I have a domain name.

Basically, do ISP normally provide domain names or maybe there is a general one for all the users they provide internet to? Like alice.fr (my provider is Alice adsl).
Or, can I get a free certificate with out a domain name?
Or, can I get a free domain name?

Thanks in advanced and sorry if this is to simple matter for a post but I'm self-learner with the aid of internet and forums

Best, jose.

Last edited by boina (2015-12-23 20:19:36)

ewaller · 2015-12-23 15:37:53

I've not used letsencrypt.org, but do they issue certs for domains you don't own?
You probably should set up a DDNS for your server, rather than using an IP address. Go to arfaid.org (*) or any other DDNS provider, and create a subdomain off of one of their shared domains. For example, I use them to host a subdomain on homenet.org. Now, your friends can go to yourSubDomainName.homenet.org instead of 12.34.56.78. Many routers have tools built in that can contact the DDNS provider to update the record should the IP ever change.

Then, see if you can register yourSubDomainName.homenet.org (or whatever subdomain.domain.topLevelDomain) you choose.

(*) I use services provided by afraid.org, but have no other affiliation with them.

mpan · 2015-12-23 19:37:22

Before you'll start using the certificate, be sure you actually understand what are you doing. Even Wikipedia has basic introduction to what SSL certificates are. Otherwise it'll be just a next case of cargo cult, often degrading security instead of improving it.

The suggestion comes straight from the question you have asked:

boina wrote:

Or, can I get a free certificate with out a domain name?

The question makes completly no sense, as domain-validation certificates… well… validate domains. The DV certs are for domains, so asking if you can obtain one without a domain suggests that you're not knowing why do you want one in the first place. This is not the way security is being done.

boina wrote:

they freak out when the they have to accept and exception to the self-signed certificate

It's a very good reaction on their side.

ewaller wrote:

I've not used letsencrypt.org, but do they issue certs for domains you don't own?

They do DVs, so they only confirm that you are in control of the server to which the domain resolves — not even if you're in control of the domain itself, even less if you are the owner. Even EVs don't check ownership, just identity of the requesting entity.

Last edited by mpan (2015-12-23 19:38:32)

boina · 2015-12-23 20:19:17

Thank you for your reply. Obviously I do not fully understand certificates.
Just to be clear, for my personal use I do not really need it. I know my server is my own and not a fake. I just wanted to get rid of the warning of self signed certificates when others download shared files from my owncloud server.

I find this to complicated and as I don't really understand it I'll give up on it and people (normally I know them in person) will have to trus my word.

Best and thank you again, jose.

mpan · 2015-12-24 09:36:29

boina wrote:

Obviously I do not fully understand certificates.

This should be "I didn't fully understand" — past tense . My intention wasn't stating the obvious, but suggesting you to learn how they work.

boina wrote:

I find this to complicated and as I don't really understand

… this is why fora are for. But before you ask for help, make sure you understand what you want to do. It's pointless to advise if the advice will lead to a non-working solution. And no, it's not really complicated. But yes, you need a domain to get a domain-validating certificate. I wonder how are you using self-signed one without domain in the first place. You can make a certificate for an IP address, but this would mean you have to re-issue it every time your address changes, which is truly pain in the ass — especially with self-signed certs.

boina wrote:

it I'll give up on it and people (normally I know them in person) will have to trus my word.

The problem with self-signed certificates is that every client has to manually confirm the certificate with you, using secure, independent communication channel — like meeting you personally, using point-to-point encrypted XMPP chat etc. Quite unhandy in practice. Self-signed certificates are used mainly if you're in control of both server and client machines, like in corporate networks, device firmware updates etc.

Ewaller has suggested how to get a gratis domain, Let's encrypt will give you gratis certificate for that domain. Much better option than self-signed one.

Last edited by mpan (2015-12-24 09:38:55)

Arch Linux

#1 2015-12-23 15:03:05

[SOVED] Get a Certificate for Home-made server

#2 2015-12-23 15:37:53

Re: [SOVED] Get a Certificate for Home-made server

#3 2015-12-23 19:37:22

Re: [SOVED] Get a Certificate for Home-made server

#4 2015-12-23 20:19:17

Re: [SOVED] Get a Certificate for Home-made server

#5 2015-12-24 09:36:29

Re: [SOVED] Get a Certificate for Home-made server

Board footer