Hi guys,
I've reached the end of my understanding on this one...
* I have an Arch server running Apache with php-apache and a self-signed CA.
* The server also runs a (configured and working) Courier IMAP server.
* I symlinked the CA to /usr/local/share/ca-certificates as well as /etc/ssl/certs and ran update-ca-certificates
* curl https://[hostname] works fine
* PHP (it's Tine20) using stream_socket_enable_crypto on the IMAP server fails to verify the certificate:
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
... Why? I did not configure any CA path; as far as I am aware, PHP should use curl's CA bundle.
Any help is greatly appreciated.
Update:
strace shows httpd actually opens the CAcert by hash (/etc/ssl/certs/7ed92e6f.0), then tries to stat /etc/ssl/certs/7ed92e6f.1, then proceeds to open /dev/log and write the error message to log. So how do I find out which part of my certificate/chain it didn't like?
After updating Tine20 the TLS error messages became more helpful... It was a CN mismatch as the Tine setup was configured for localhost. I'm not sure why this suddenly stopped working because it shouldn't have in the first place...
Last edited by XT (2014-10-11 22:07:08)
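
Added example (not part of the original post): one way to answer the question in the update, which part of the certificate or chain was rejected, is to check chain trust and name matching separately with `openssl verify`. The host names, file names and the throwaway certificate below are constructed for illustration.

```shell
# classify_cert CAFILE CERTFILE PEERNAME
# Prints one of: ok | name-mismatch | untrusted-chain
classify_cert() {
    # Step 1: chain/trust only, with no name check at all.
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo untrusted-chain
        return 0
    fi
    # Step 2: same chain, but the certificate must also match the name
    # the client is configured to connect to (the CN/SAN check).
    if ! openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then
        echo name-mismatch
        return 0
    fi
    echo ok
}

# make_demo_cert DIR CN: write a throwaway self-signed cert to DIR/cert.pem
# (constructed test material, stands in for the server's real certificate).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_demo_cert "$d" mail.example.test
    # Client configured with the name the certificate was issued for.
    classify_cert "$d/cert.pem" "$d/cert.pem" mail.example.test   # ok
    # Client configured for localhost, as in the setup described above.
    classify_cert "$d/cert.pem" "$d/cert.pem" localhost           # name-mismatch
    rm -rf "$d"
}

demo
```

A `name-mismatch` result with a trusted chain corresponds to the CN mismatch described in the post: the CA is found and accepted, but the configured peer name is not the one in the certificate.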