Configuring the DocMoto server to use an externally verified SSL certificate
By default a DocMoto server uses a self signed SSL certificate.
For improved security newer versions of the DocMoto client will warn users if they connect to a server using a self signed certificate.
New versions of the DocMoto client will warn users if the server is not using a verified certificate
The warning is once only, so does not persist for those installations where self signed remains the most expedient option.
What do I need to switch from a self signed certificate?
- Firstly your DocMoto server will need to be on a server with a legal internet name. If you are already using the DocMoto server with external users the odds are your server will already have this.
- A valid verified SSL certificate from an internet certificate provider matching the server's internet name.
Configuring the DocMoto Server
Obtaining a verified SSL certificate is outside of the scope of this article. However once you have your certificate you will need it in the pem format (ie my cert file.pem).
If your pem file is password protected you will also need that
The procedure for configuring your DocMoto server to use your verified certificate is as follows:
- Open terminal and switch to super user by typing
- Move to the settings folder by typing
- Rename the existing self signed certificate by typing
mv DocMoto.pem DocMoto.pem.org
- Copy the new pem file to the settings folder by typing
cp <the full path to my pem>.pem .
- Change the ownership of the pem file to user DocMoto by typing
chown docmoto <my pem file>.pem
- Edit the serverConfig.conf to ensure the default secure port 3984 uses the new certificate
<Https port="3984" pem-filename="<path to my certificate file>.pem" pem-password="<password for pem file if required>"> <WebDav /> <Admin /> </Https>
- Restart the DocMoto server by going into System Preferences, finding DocMoto Server, and restarting.