[mapserver-users] MapServer as WMS client - HTTPS CERTIFICATE problem.

Rahkonen Jukka Jukka.Rahkonen at mmmtike.fi
Wed Aug 3 00:55:05 EDT 2011 

Hi,

With Windows MS4W is setting the path to local certificate file with environment variable CURL_CA_BUNDLE and by default it is \ms4w\Apache\conf\ca-bundle\cacert.pem with the setenv.bat
Perhaps you can tell where your modified certificate bundle file is with a mapfile too, but I have not tried it.  I have just added new certificates into the default cacert.pem.
I am not sure if it it possible to make Mapserver to pass on the --insecure parameter for curl to tell it trust anything without checking the certificate at all.

Have you read already http://trac.osgeo.org/mapserver/ticket/3070?

-Jukka Rahkonen-

 Bob Basques wrote:

> All,


> I did some more research on this.  Forwarding on my own posting from the user list here to ask a question,


> Couldn't the server certificate be added to the request process via a MAPFILE > METADATA field for inclusion in the requests, in lieu of adding it to the CURL cert request, or am I thinking > about this backwards?


> thanks


> bobb




--------




All,


Ok, got the debugging to spit out the actual request for a service, with the following CERT error ::



[Tue Aug  2 16:21:59 2011].998742 CGI Request 1 on process 14407

[Tue Aug  2 16:22:00 2011].23599 msHTTPExecuteRequests(): HTTP request error. HTTP: request failed with curl error code 60 (SSL certificate problem, ve

rify that the CA cert is OK. Details:

error:14090086:SSL routines:func(144):reason(134)) for https://xxx.xx.xxxxxx.xx/ArcGIS/services/StPaul/ParcelPolyWMSF/MapServer/WMSServer?LAYERS=0&

REQUEST=GetMap&SERVICE=WMS&FORMAT=image/png24&STYLES=&HEIGHT=331&VERSION=1.1.1&SRS=EPSG:202011&WIDTH=943&BBOX=577250.000302263,157778.662078316,581708.

889731801,159343.765366945&TRANSPARENT=TRUE&EXCEPTIONS=application/vnd.ogc.se_inimage

[Tue Aug  2 16:22:00 2011].23974 msDrawWMSLayerLow(): WMS server error. WMS GetMap request failed for layer 'Parcel Polygons' (Status -60: SSL certific

ate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:func(144):reason(134)).

[Tue Aug  2 16:22:00 2011].23989 msDrawMap(): Layer 1 (Parcel Polygons), 0.000s

[Tue Aug  2 16:22:00 2011].24013 msDrawMap(): Drawing Label Cache, 0.000s

[Tue Aug  2 16:22:00 2011].24026 msDrawMap() total time: 0.025s

[Tue Aug  2 16:22:00 2011].77595 msSaveImage() total time: 0.053s

[Tue Aug  2 16:22:00 2011].77691 mapserv request processing time (loadmap not incl.): 0.079s

[Tue Aug  2 16:22:00 2011].77701 msFreeMap(): freeing map at 0x7144b0.


Question, can this be handled in the MAPFILE somehow?  I did verify that the request works, once it's sent, by pasting into a Browser that already accepted the certificate.


Thanks


bobb

More information about the mapserver-users mailing list