[Qgis-user] WMS via https - "SSL handshake failed"

Tue Jan 3 14:11:50 PST 2017

Hi John

as far as I understand, you only added server CA in qgis auth
configuration, and it's not enough to be authenticated by a fully SSL
featured server, you need a client certificate identity that could be
authorized by the server. Some identity that the server can trust. You
have to add an identity certificate as in the guide:
https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html#authentication-methods.

You only added a server CA that is useful in case you need to have a
client side certification of the server to avoid Man-In-the-Middle
attacks.

BTW, with your server you don't need to be authenticated as you can
see in the attached link. Just add a WMS service!

https://dl.dropboxusercontent.com/u/12837459/Screenshot%20from%202017-01-03%2023-05-00.png

Luigi Pirelli

**************************************************************************************************
* Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
* LinkedIn: https://www.linkedin.com/in/luigipirelli
* Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
* GitHub: https://github.com/luipir
* Mastering QGIS 2nd Edition:
* https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
**************************************************************************************************

On 3 January 2017 at 18:42, John Cartwright
<john.c.cartwright at comcast.net> wrote:
> Thanks for your reply Luigi!  To be clear, the WMS service that I’m trying
> to connect to does not require a username/password but is only available via
> https.  The server (https://maps.ngdc.noaa.gov) has a valid CA certificate.
> I tried adding a SSL Server Configuration  (preferences -> authentication ->
> Manage Certificates -> Server) and while the entry appears to be valid, I
> still get the SSL Handshake error when trying add a WMS layer.
>
> Any further ideas?  Here’s the actual URL I’m trying to add:
>
> https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS
>
> Thanks again for your help!
>
> —john
>
>
> On Jan 2, 2017, at 1:52 AM, Luigi Pirelli <luipir at gmail.com> wrote:
>
> Hi John
>
> SSL is managed storing credentials using the QGIS Authentication
> Manager that store credentials in the same way as Firefox, in a master
> pwd crypted store in your $home/.qgis2/qgis-auth.db.
> You should managed credentials using Settings->options->authentication.
>
> QGIS uses OpenSSL => and specifically can import different king of
> credential method (using plugins => can be expanded). De default auth
> method installed are listed in the documentation:
> https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html
>
> what is you auth method? can you explain the workflow you followed to
> store and use your credentials?
>
> regards
> Luigi Pirelli
>
> **************************************************************************************************
> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
> * GitHub: https://github.com/luipir
> * Mastering QGIS 2nd Edition:
> *
> https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
> **************************************************************************************************
>
>
> On 29 December 2016 at 22:38, John Cartwright
> <john.c.cartwright at comcast.net> wrote:
>
> Hello All,
>
> I’m trying to use a WMS service over https and get the following error when
> trying to connect:
>
> Failed to download capabilities:
> Download of capabilities failed: SSL handshake failed
>
> The URL works fine in a browser though.  I’m guessing that QGIS and the
> server are not able to agree on a cipher suite.  Can anyone tell me what
> ciphers QGIS supports or any way to get more insight into the underlying
> problem?
>
> QGIS is version 2.18.2.
>
> Thanks!
>
> —john
>
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>
>