[MapProxy] Problem with HTTPS source and self-signed certificate
Roman Woessner
roman.woessner at disy.net
Wed Nov 22 22:51:31 PST 2017
Hi,
I am glad to see the following improvement in the latest 1.11-release:
> MapProxy now uses CA certificates provided by your system if you use Python >=2.7.9 or >=3.4.
> The ``ssl_no_cert_checks`` option was broken with these Python versions. This is now fixed.
> The ``ssl_ca_certs`` option is still available for older systems, or for custom CA certificates.
It sounds like it will solve my problem. :-)
Thanks,
Roman
Am 27.09.2017 um 17:59 schrieb Roman Woessner:
>
> Hi,
>
>
> we use Mapproxy (1.10.0) with an OSM-TileServer source accessible by
> HTTPS.
>
> The tileservers SSL certificate is self-signed.
>
>
> For this case, the Mapproxy documentation tells us...
>
>
> "If you want to use SSL but do not need certificate verification, then
> you can disable it with the ssl_no_cert_checks option. You can also
> disable this check on a source level, see WMS source options."
>
> Therefore our configuration includes...
> "http:
> ssl_no_cert_checks: True"
> ... on the "globals"-level.
>
> This has the effect, that Mapproxy successfully initializes without a
> cert verification error.
> But we still get the following error, as soon as Mapproxy tries to
> connect to its tileserver source:
>
> Could not verify connection to URL:
> "https://our.tileserver/0/0/0.png": [SSL: CERTIFICATE_VERIFY_FAILED]
> certificate ...
>
> It seems that the config parameter "ssl_no_cert_checks" does not have
> any effect here.
>
> Can you help us? Is there anythin we have not considered?
>
> Roman
>
>
> _______________________________________________
> MapProxy mailing list
> MapProxy at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapproxy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapproxy/attachments/20171123/1dfdf874/attachment.html>
More information about the MapProxy
mailing list