Please provide step-by-step documentation for novice

[fishfree]

I'm stuck here as below:

I don't know how to do next. :-(
My questions are:

1. How to start a CFSSL service? Or it has been started in my box as indicated in the screenshot above?
2. I have bought a commercial cert, how to import it into the CFSSL service? If not feasible, how to configured Root certificate data in the form?

Many thanks!

[vitormattos]

1. The CFSSL in a default setup is managed by LibreSign. The app will download de CFSSL binary and start the CFSSL service to be accessible only by localhost and every time when need to use, will check if is running and if not, will start.
2. To use your comercial cert you will need to change the configuration files of CFSSL that is generated by LibreSign.

PS: In the development version of LibreSign already is possible to use OpenSSL instead of CFSSL to generate the user certificates.

If you wish helping to funding this app you also can talk with our team to we do a enterprise support to your company. Don't exitate to contact us: [email protected]

[fishfree]

@vitormattos Thank you very much for replying. Now I tried to generate a self-signed root cert, all status of the configuration is green success. Then I opened the file "Reasons to use Nextcloud.pdf", opened the side bar, do a request. But it failed due to sending email error: Error | libresign | Notify unsigned notification mail could not be sent: Connection could not be established with host 127.0.0.1 :stream_socket_client(): Unable to connect to 127.0.0.1:25 (Connection refused)

Is it a required step to send user email?

The other question of how to replace with my comercial cert:
Libresign tells me the root cert config path is /var/www/nextcloud/data/appdata_ocw7vzahnpk2/libresign/cfssl_config/, in that folder I find three files ca.csr ca-key.pem ca.pem, can I just replace these files with the commercial respondent ones? The Root certificate data(i.e. CN l C O OU) were set the same as those of my commercial cert when creating.

[vitormattos]

1. Sounds that is a problem in your SMTP service because the door 25 is the SMTP door, isn't related with LibreSign. I will need to check how this can affect LibreSign and the best way to catch this error to report to admin user.

2. Yes, you can replace the files without problems.

[fishfree]

@vitormattos I test it is a necessary step to send email, which I think replacable by on-page notification.
However, I found there were no correspondent csr/pem files of my commercial cert. I probably bought a wrong provider. Could you please tell me which provider is compatible with cfssl? Many thanks!

[vitormattos]

Hi @fishfree

Notifications: in the next version will be possible change the way to receive notifications from LibreSign and will be possible use Nextcloud Notifictaions app.

Certificate: Will be necessary check the CFSSL project about this. In the next version will be possible use OpenSSL instead of CFSSL. Will be optional.

This is a screenshot of next version:

[vitormattos]

Could you test the newest release of LibreSign?

Was made a lot of improvements.

Closing this issue as solved.

If you have other problems, don't hesitate to create a new issue helping this project to be the best signature software.

Note

If you like this app, don't hesitate to help us

Ways to help this project:

• Creating a very nice review of this project at:
  • social networks like LinkedIn, Instagram, etc and putting the @LibreSign and @LibreCodeCoop
  • AlternativeTo https://alternativeto.net/software/libresign/
  • Nextcloud apps store: https://apps.nextcloud.com/apps/libresign
• Sponsoring the development by GitHub sponsor https://github.com/sponsors/LibreSign
• helping the translations on Transifex
• contacting us to have Enterprise support: https://libresign.coop