<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
code
{mso-style-priority:99;
font-family:"Courier New";}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.Shkpostityyli20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.Shkpostityyli22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:765730516;
mso-list-type:hybrid;
mso-list-template-ids:-1595907822 67698693 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FI" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I seem to have this setting done in Apache’s httpd.conf file as<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">SetEnv CURL_CA_BUNDLE "d:/Program Files/ms4w/Apache/conf/ca-bundle/cacert.pem"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Check if that works better, or if there happens to be a line already overriding your system wide setting.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">-Jukka Rahkonen-<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:Robertas.Kerpys@bentley.com"><span lang="EN-US">Robertas.Kerpys@bentley.com</span></a></span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<span lang="EN-US">wrote:<o:p></o:p></span></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNoSpacing"><span lang="EN-US">Hi Folks,<o:p></o:p></span></p>
<p class="MsoNoSpacing"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNoSpacing"><span class="apple-converted-space"><span lang="EN-US" style="color:black">I </span></span><span lang="EN-US" style="color:black">want to access MapServer SLD resource via secure connection. I've set up SSL on IIS for my web site successfully
using a self-signed certificate. Then I added self-signed certificate into a curl-ca-bundle.crt certificate file and set CURL_CA_BUNDLE system level environment variable pointing to curl-ca-bundle.crt file.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;background-position:initial initial;background-repeat:initial initial;word-spacing:0px">
<span lang="EN-US" style="color:black">Aforementioned steps are covered in the following resources:</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:Wingdings"><span style="mso-list:Ignore">§<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:black;border:none windowtext 1.0pt;padding:0cm"><a href="http://mapserver.org/ogc/wxs_secure.html">How to set up MapServer as a client to access a service over https</a></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span lang="EN-US" style="font-family:Wingdings"><span style="mso-list:Ignore">§<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:black"><a href="http://blog.gisinternals.com/2010/12/daily-built-binary-packages-for.html"><span style="color:#4A6B82;border:none windowtext 1.0pt;padding:0cm">MapServer with OpenSSL support</span></a></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNoSpacing"><span lang="EN-US" style="color:black"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNoSpacing"><span lang="EN-US" style="color:black">Unfortunately this configuration does not work and curl throws invalid certificate exception when accessing the following URL:</span><span class="apple-converted-space"><span lang="EN-US" style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black"> </span></span><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"><a href="https://domain/cgi-bin/mapserv.exe?map=name1.map&LAYERS=SPECIFICLAYER&TRANSPARENT=TRUE&SLD=https%3A%2F%2Fdomain%2Fcgi-bin%2F%2Fsld.xml&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap">https://domain/cgi-bin/mapserv.exe?map=name1.map&LAYERS=SPECIFICLAYER&TRANSPARENT=TRUE&SLD=https%3A%2F%2Fdomain%2Fcgi-bin%2F%2Fsld.xml&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap</a></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"><?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"><!DOCTYPE ServiceExceptionReport SYSTEM "<a href="http://schemas.opengis.net/wms/1.1.1/exception_1_1_1.dtd">http://schemas.opengis.net/wms/1.1.1/exception_1_1_1.dtd</a>"></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"><ServiceExceptionReport version="1.1.1"></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"><ServiceException></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas">msSLDApplySLDURL: WMS server error. Could not open SLD
<a href="https://domain/cgi-bin/sld.xml">https://domain/cgi-bin//sld.xml</a> and save it in temporary file C:\Windows\TEMP\52f0d577_1380_0.sld.xml. Please make sure that the sld url is valid and that the temporary path is set. The temporary path can be defined
for example by setting TMPPATH in the map file. Please check the MapServer documentation on temporary path settings.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas">msHTTPExecuteRequests(): HTTP request error. HTTP: request failed with curl error code 60 (SSL certificate problem, verify that the CA cert is OK.
Details:</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas">error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed) for
<a href="https://domain/cgi-bin/sld.xml">https://domain/cgi-bin//sld.xml</a></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"></ServiceException></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span lang="EN-US" style="font-size:9.0pt;font-family:Consolas"></ServiceExceptionReport></span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNoSpacing"><span lang="EN-US">If curl is used separately it doesn't throw the certificate exception when used with the same curl-ca-bundle.crt file. This suggests that MapServer does not take into account CURL_CA_BUNDLE environment path and does
not pass it to libcurl. But according to<span class="apple-converted-space"><span style="color:black"> </span></span><a href="https://github.com/mapserver/mapserver/blob/7f3e75cbc277b19774dc7030b76b92985f9690c6/maphttp.c"><span style="color:#4A6B82;border:none windowtext 1.0pt;padding:0cm">MapServer
code</span></a><span class="apple-converted-space"><span style="color:black"> </span></span>it should check for CURL_CA_BUNDLE environment variable and if set use it for cURL. However this doesn't seem to be the case.<o:p></o:p></span></p>
<p class="MsoNoSpacing" style="orphans: auto;widows: auto;-webkit-text-stroke-width: 0px;background-position:initial initial;background-repeat:initial initial;word-spacing:0px">
<span lang="EN-US">I even restarted my server for IIS process to pick up new environment variables:<span class="apple-converted-space"><span style="color:black"> </span></span><a href="http://geographika.co.uk/reboot-to-refresh-environment-variables"><span style="color:#4A6B82;border:none windowtext 1.0pt;padding:0cm">http://geographika.co.uk/reboot-to-refresh-environment-variables</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Am I missing something?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US">Robertas</span></b><span lang="EN-US"><o:p></o:p></span></p>
</div>
</div>
</body>
</html>