dfwarden/Roundcube-CAS-Authn

CURL Could Not Open URL While Verifying SSL Certs

Closed this issue · 1 comments

Hi dfwarden,

I had an issue in the first step of the CAS client, while validating the ST: curl could not open the URL returned by the CAS server while verifying the CAS server's SSL certificate (using CA certs). The main logs said:
...
D367 .| | | | => CAS_Client::_readURL('https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118]
D367 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
D367 .| | | | | | CURL: Set CURLOPT_CAINFO /etc/obm/certs/cas_server_certs.pem [CurlRequest.php:129]
D367 .| | | | | | curl_exec() failed [CurlRequest.php:77]
D367 .| | | | | <= false
D367 .| | | | <= false
D367 .| | | | could not open URL 'https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:3121]
D367 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', true) [Client.php:3125]
D367 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
D367 .| | | | | <= 'https://mailobm.openroad.vn/webmail/?_action=caslogin'
D367 .| | | | | CAS URL: https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback [AuthenticationException.php:79]
D367 .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:80]
D367 .| | | | | Reason: no response from the CAS server [AuthenticationException.php:82]
D367 .| | | | | exit()
...

P.S. Our testing environment:

  • OS: CentOS 6.4
  • phpCAS: 1.3.3
  • Roundcube: 0.8.7
  • Roundcube-CAS-Authn: the latest version on Github

Any suggestions for me? Thanks.

Sorry this reply took so long.

It sounds like phpCAS would not build a trust chain for the cert offered on
cas.openroad.vn:8443. I see you set your CA certs but it fails getting the
"local issuer certificate."

My first question would be what certificate(s) does cas.openroad.vn:8443
present? I suspect there may be an intermediate certificate somewhere that
may or may not be present in your cas_server_certs.pem. That's not a great
guess, but most of the time I see the "local issuer certificate" error it
has something to do with intermediate certs.

-Dave
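
The intermediate-certificate failure described in the reply above can be reproduced offline. This is an added example, not part of the thread: the lab CA names, the host name cas.example.test and all files are constructed. A leaf signed by an intermediate fails against a CA file holding only the root, with the same error text curl reported, and passes once the intermediate is in the CA file.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI (root -> intermediate -> leaf);
# all names and files are hypothetical, not the reporter's certificates.

build_lab() {  # $1 = empty working directory
  (
    cd "$1" || exit 1
    cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    new_req() {  # $1 = basename, $2 = subject CN, rest = extra req options
      n=$1 cn=$2; shift 2
      openssl req -new -newkey rsa:2048 -nodes -config lab.cnf \
        -subj "/CN=$cn" -keyout "$n.key" -out "$n.out" "$@"
    }
    sign() {  # $1 = CSR basename, $2 = issuer basename, rest = extra options
      n=$1 ca=$2; shift 2
      openssl x509 -req -in "$n.out" -CA "$ca.pem" -CAkey "$ca.key" \
        -CAcreateserial -days 2 -out "$n.pem" "$@"
    }
    new_req root "Lab Root CA" -x509 -days 2 -extensions v3_ca &&
      mv root.out root.pem &&
      new_req int "Lab Intermediate CA" &&
      sign int root -extfile lab.cnf -extensions v3_ca &&
      new_req leaf "cas.example.test" &&
      sign leaf int &&
      cat root.pem int.pem > bundle.pem  # CA file that includes the intermediate
  ) >/dev/null 2>&1
}

# Print "OK" if the leaf chains to the CA file, else OpenSSL's error text.
chain_status() {  # $1 = CA file (what CURLOPT_CAINFO would point at), $2 = leaf
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  case $out in
    *"unable to get local issuer certificate"*)
      echo "unable to get local issuer certificate" ;;
    *": OK"*) echo OK ;;
    *) echo "other: $out" ;;
  esac
}

LAB=$(mktemp -d)
build_lab "$LAB"
echo "CA file = root only:           $(chain_status "$LAB/root.pem" "$LAB/leaf.pem")"
echo "CA file = root + intermediate: $(chain_status "$LAB/bundle.pem" "$LAB/leaf.pem")"
```

Against the real server, `openssl s_client -connect cas.openroad.vn:8443 -showcerts` lists the certificates it presents, which answers the question in the reply about what the server sends.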

On Wed, Jul 30, 2014 at 1:38 AM, Nguyen Nang Thang <notifications@github.com> wrote:
