<div dir="auto"><div>Again without a valid certificate signed by a trusted* certificate authority there is no additional security achieved by https over http. <div dir="auto"><br></div><div dir="auto">Trusted is an important keyword there. If this is for private/internal use, an organization is free to setup an its own certificate authority and add that authority as a trusted authority on its clients. This is actually more common than you might think with SSL VPNs and IIRC is even part of Active Directory. If done right, this can be even more secure than relying on the public certificate authorities because you have full control and aren't trusting an outside organization.</div><div dir="auto"><br></div><div dir="auto">For public use, the certificate really needs to be signed by a trusted CA to provide any protection (otherwise anyone in a position to read/modify the unencrypted http traffic could just as easily spoof the unsigned https certificate). If money is the issue, I would recommend looking at some of the free CAs such as LetsEncrypt.</div><br><div class="gmail_extra"><br><div class="gmail_quote">On Feb 6, 2017 12:01 PM, "Mark Volz" <<a href="mailto:MarkVolz@co.lyon.mn.us">MarkVolz@co.lyon.mn.us</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="m_-6058428734728860680WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hi,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Just to add my two cents in here. Some organizations might want to have https enabled, but do not have a need that justifies purchasing a ssl certificate…<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Thanks<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Sincerely,<u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Mark Volz, GISP</span></b><b><span style="font-family:"Calibri",sans-serif;color:#1f497d"><u></u><u></u></span></b></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Geomoose-users [mailto:<a href="mailto:geomoose-users-bounces@lists.osgeo.org" target="_blank">geomoose-users-<wbr>bounces@lists.osgeo.org</a>]
<b>On Behalf Of </b>Brent Fraser<br>
<b>Sent:</b> Monday, February 06, 2017 10:14 AM<br>
<b>To:</b> James Klassen <<a href="mailto:klassen.js@gmail.com" target="_blank">klassen.js@gmail.com</a>><br>
<b>Cc:</b> GeoMOOSE Users List <<a href="mailto:geomoose-users@lists.osgeo.org" target="_blank">geomoose-users@lists.osgeo.<wbr>org</a>><br>
<b>Subject:</b> Re: [Geomoose-users] Identify with a https WMS source<u></u><u></u></span></p>
</div>
</div><div class="elided-text">
<p class="MsoNormal"><u></u> <u></u></p>
<p>Hey Jim,<u></u><u></u></p>
<p> I think our WMS server's certificate is ok (no errors shown) but I'll confirm that. It could be my PHP config so I will look into that too.<u></u><u></u></p>
<p> Thanks!<u></u><u></u></p>
<pre>Best Regards,<u></u><u></u></pre>
<pre>Brent Fraser<u></u><u></u></pre>
<div>
<p class="MsoNormal">On 2/6/2017 9:06 AM, James Klassen wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Not a PHP expert here so I am not sure how to go about f:bding the root error message, but with every other language I have used, only working with the checks disabled means there was a certificate error so either the https server's certificate
is bad (easy to chec, a web browser would also show a warning when visiting the site) or that the client program can't find the it's list of trusted certificate authorities (and so will think all certificates are invalid).<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The best fix would be to figure out why the certificate isn't validating and fix that.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">If you need to talk to a server with a bad certificate, can't fix the server, and don't care if the connection is secure, then turning off the checks is a work around.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Feb 6, 2017 9:41 AM, "Brent Fraser" <<a href="mailto:bfraser@geoanalytic.com" target="_blank">bfraser@geoanalytic.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p>Otherwise no text is available in $gml after:<u></u><u></u></p>
<p> $gml = curl_exec($curlHandle);<u></u><u></u></p>
<p>but maybe there is a better solution?<u></u><u></u></p>
<p><u></u> <u></u></p>
<pre>Best Regards,<u></u><u></u></pre>
<pre>Brent Fraser<u></u><u></u></pre>
<div>
<div>
<p class="MsoNormal">On 2/6/2017 7:29 AM, James Klassen wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Why do you need those options? Generally,! disabling the certificate checks isn't a good idea.
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Feb 5, 2017 8:45 PM, "Brent Fraser" <<a href="mailto:bfraser@geoanalytic.com" target="_blank">bfraser@geoanalytic.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal">Hi all,<br>
<br>
To get identify.php to work when I specify a WMS map-source using https (instead of the old and out-dated http), I had to add a couple of curl options to identify.php around line 196:<br>
<br>
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, 0);<br>
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, 0);<br>
<br>
Should I file an issue or is this already handled in 3.0?<br>
<br>
And what's with hardcoding "INFO_FORMAT=application/vnd.<wbr>ogc.gml" into the request? Should we make that configurable in the map-source definition?<br>
<br>
Thanks!<span style="color:#888888"><br>
<br>
-- <br>
Best Regards,<br>
Brent Fraser<br>
<br>
<br>
______________________________<wbr>_________________<br>
Geomoose-users mailing list<br>
</span><a href="mailto:Geomoose-users@lists.osgeo.org" target="_blank">Geomoose-users@lists.osgeo.org</a><span style="color:#888888"><br>
</span><a href="https://lists.osgeo.org/mailman/listinfo/geomoose-users" target="_blank">https://lists.osgeo.org/<wbr>mailman/listinfo/geomoose-<wbr>users</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div></div>
</div>
</blockquote></div><br></div></div></div>