Can't import root certificate on qnap system using qpkg installation

LULUZ · September 28, 2021, 11:46am

Steps to reproduce

I added enable_certificate_management in to my config.php, and see the “import root certificate” in the config page.
I imported my self-made certificate

Expected behaviour

the root certificate works and I could enter my owncloud via https

Actual behaviour

I can’t enter my owncloud via https, the imported certificate just disappear after I refresh the config page.

Server configuration

Operating system:

Web server:

Database:

PHP version: I don’t really know the above. I downloaded the latest version from qnap app center, linked it to mysql according to the discription.

ownCloud version: (see ownCloud admin page) 10.0.10.4

Updated from an older ownCloud or fresh install: fresh installed

Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

No errors have been found.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/…

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

thank you for your help.

cortho · September 28, 2021, 2:03pm

Hi LULUZ,

[deleted apache vhost comment]

Edit: I overlooked the qnap-Part. Maybe you should put qnap in the title and be a little more specific about your system, so fellow users may help you.

How did you set up ownCloud in the first place? Did you follow this documentation? ownCloud on QNAP :: ownCloud Documentation

LULUZ · September 28, 2021, 2:25pm

hello, thank you for replying.
I am sure I installed owncloud following the instruction. and it worked pretty fine with http. I even shared some files to my friends and nothing wrong.

LULUZ · September 28, 2021, 2:39pm

some more information.
I ssh to my nas and find the certificate uploaded in this location.
/share/CACHEDEV1_DATA/.qpkg/owncloudv10/data/files_external/uploads
there is also a certificate called rootcerts.crt in
/share/CACHEDEV1_DATA/.qpkg/owncloudv10/data/files_external
it’s much bigger, but I don’t know the difference.

cortho · September 28, 2021, 3:57pm

Unfortunately I never worked with a qnap, so I can only offer best guesses.

It looks like ownCloud comes in a docker for qnap. For dockers it is quite usual to have an external nginx/apache/… performing the SSL termination and proxying plain HTTP to the docker port (in the appliance). Are there any settings in the frontend to accomplish this? Maybe this is an option for you? In this case you shouldn’t have to import any certificates.

FYI regarding the multiple occurrence of rootcerts.crt, the one in the files_external folder is shipped with ownCloud itself, the one in the files_external/upload is the one imported by you.

I admit, the documentation available on the web on both the qnap and the ownCloud side is very poor, especially when there was this big press release back in 2020: QNAP Systems Inc. and ownCloud GmbH announce strategic partnership - ownCloud

@dmitry I see there is some documentation at ownCloud on QNAP :: ownCloud Documentation but this does not cover any certificates at all. Do you know some “insider” who could add the relevant lines? - or - is this as @tom42 wrote at [1] that “i think the Qnap NAS app isn’t provided by the ownCloud people so this could be the reason why no one was able to answer / help here yet.”

LULUZ · September 29, 2021, 2:13am

thank you. I tried nginx in docker and it worked well. it really solved my problem.

dmitry · September 29, 2021, 8:45am

Hello @cortho

Thank you for the helpful response and notifying me about this issue. I have forwarded it to the proper channels. I hope we can improve our documentation and avoid issues like this.

Best Regards

Dmitry

wkloucek · September 29, 2021, 9:04am

Hello @LULUZ,

I assume you’re referring to the ownCloudX app from the QNAP app store like showed in the following screenshot!?

Actually this app is not maintained by us and will be removed from the app store by the original maintainers when our ownCloud app is ready. We are currently working on that together with QNAP. That’s also why ownCloud on QNAP :: ownCloud Documentation is not applicable for your current installation.

You already can try our app by downloading it from https://github.com/owncloud/qnap-packaging/releases (in the assets section), but there is not yet an official release. Since we are also using the QNAP proxy in front of the new ownCloud app, these manuals apply How to Use SSL Certificates to Increase the Connection Security to your QNAP NAS | QNAP or How to purchase and use myQNAPcloud SSL certificates? | QNAP to exactly your problem.

system · December 28, 2021, 9:05am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.