https url with MapServer as WMS client

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

https url with MapServer as WMS client

Yves Jacolin-2
Hello,

I have a layer set up as a wms client. The url is an https. MapServer log shows that curl doesn't manage this very well:
Status -60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none)
It seems that curl doesn't get the certificate to check the url and so failed. Do you have any idea how to manage this:
* is there a parameter somewhere to defined?
* do we need to install the remote certificate localy?

Thanks,

Y.
--
Training and support manager
Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac, Cedex

Tel (France) : +33 4 58 48 20 43
Tel (Swisstzerland) : +41 21 619 10 43
Mob. : +33 6 18 75 42 21

email : [hidden email]
http://www.camptocamp.com

_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
Reply | Threaded
Open this post in threaded view
|

Re: https url with MapServer as WMS client

Sebastiaan Couwenberg
On 2017-08-24 13:20, Yves Jacolin wrote:
> It seems that curl doesn't get the certificate to check the url and so
> failed. Do you have any idea how to manage this:
> * is there a parameter somewhere to defined?
> * do we need to install the remote certificate localy?

The certificate of the site is probably self-signed or not signed by a
CA that is included in the CA store on your server.

You can download the certificates into a bundle file and set the
CURL_CA_BUNDLE environment variable to use this file.

Kind Regards,

Bas
_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
Reply | Threaded
Open this post in threaded view
|

Re: https url with MapServer as WMS client

Michael Smith
In reply to this post by Yves Jacolin-2
Yves,

http://mapserver.org/ogc/wxs_secure.html

Michael Smith
Remote Sensing/GIS Center
US Army Corps of Engineers

On Aug 24, 2017, at 7:20 AM, Yves Jacolin <[hidden email]> wrote:

Hello,

I have a layer set up as a wms client. The url is an https. MapServer log shows that curl doesn't manage this very well:
Status -60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none)
It seems that curl doesn't get the certificate to check the url and so failed. Do you have any idea how to manage this:
* is there a parameter somewhere to defined?
* do we need to install the remote certificate localy?

Thanks,

Y.
--
Training and support manager
Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac, Cedex

Tel (France) : +33 4 58 48 20 43
Tel (Swisstzerland) : +41 21 619 10 43
Mob. : +33 6 18 75 42 21

email : [hidden email]
http://www.camptocamp.com
_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev

_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
Reply | Threaded
Open this post in threaded view
|

Re: https url with MapServer as WMS client

jratike80
In reply to this post by Yves Jacolin-2

Hi,

 

I do not believe that Mapserver has a switch for skipping the certificate check like GDAL has, see <UnsafeSSL>true</UnsafeSSL> in http://www.gdal.org/frmt_wms.html

 

This document describes how to add the self-signed certificate into your system http://mapserver.org/sq/ogc/wxs_secure.html.

 

-Jukka Rahkonen-

 

Lähettäjä: mapserver-dev [mailto:[hidden email]] Puolesta Yves Jacolin
Lähetetty: 24. elokuuta 2017 14:20
Vastaanottaja: mapserver-dev List <[hidden email]>
Aihe: [mapserver-dev] https url with MapServer as WMS client

 

Hello,

I have a layer set up as a wms client. The url is an https. MapServer log shows that curl doesn't manage this very well:

Status -60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none)

It seems that curl doesn't get the certificate to check the url and so failed. Do you have any idea how to manage this:

* is there a parameter somewhere to defined?

* do we need to install the remote certificate localy?

 

Thanks,

 

Y.

--

Training and support manager
Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac, Cedex

Tel (France) : +33 4 58 48 20 43
Tel (Swisstzerland) : +41 21 619 10 43
Mob. : +33 6 18 75 42 21

email : [hidden email]
http://www.camptocamp.com


_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
Reply | Threaded
Open this post in threaded view
|

Re: https url with MapServer as WMS client

jmckenna
Administrator
In reply to this post by Michael Smith
Hi Yves,

For Windows users, MS4W includes the certificate bundle and points to it
through Apache; the docs might be helpful to you even if not on Windows:
http://www.ms4w.com/README_INSTALL.html#k-certificates-for-https-with-wms-wfs-servers

-jeff


--
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/



On 2017-08-24 8:35 AM, Michael Smith wrote:

> Yves,
>
> http://mapserver.org/ogc/wxs_secure.html
>
> Michael Smith
> Remote Sensing/GIS Center
> US Army Corps of Engineers
>
> On Aug 24, 2017, at 7:20 AM, Yves Jacolin <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>> Hello,
>>
>> I have a layer set up as a wms client. The url is an https. MapServer
>> log shows that curl doesn't manage this very well:
>> Status -60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none)
>> It seems that curl doesn't get the certificate to check the url and so
>> failed. Do you have any idea how to manage this:
>> * is there a parameter somewhere to defined?
>> * do we need to install the remote certificate localy?
>>
>> Thanks,
>>
>> Y.
>> --
>> Training and support manager
>> Camptocamp France SAS
>> Savoie Technolac, BP 352
>> 73377 Le Bourget du Lac, Cedex
>>
>> Tel (France) : +33 4 58 48 20 43
>> Tel (Swisstzerland) : +41 21 619 10 43
>> Mob. : +33 6 18 75 42 21

_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
Reply | Threaded
Open this post in threaded view
|

Re: https url with MapServer as WMS client

Yves Jacolin-2
Thanks you all! I will test (and read) the document on wxs secure. First time I see this page :D

Y.

2017-08-24 13:44 GMT+02:00 Jeff McKenna <[hidden email]>:
Hi Yves,

For Windows users, MS4W includes the certificate bundle and points to it through Apache; the docs might be helpful to you even if not on Windows: http://www.ms4w.com/README_INSTALL.html#k-certificates-for-https-with-wms-wfs-servers

-jeff


--
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/




On 2017-08-24 8:35 AM, Michael Smith wrote:
Yves,

http://mapserver.org/ogc/wxs_secure.html

Michael Smith
Remote Sensing/GIS Center
US Army Corps of Engineers

On Aug 24, 2017, at 7:20 AM, Yves Jacolin <[hidden email] <mailto:[hidden email]>> wrote:

Hello,

I have a layer set up as a wms client. The url is an https. MapServer log shows that curl doesn't manage this very well:
Status -60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none)
It seems that curl doesn't get the certificate to check the url and so failed. Do you have any idea how to manage this:
* is there a parameter somewhere to defined?
* do we need to install the remote certificate localy?

Thanks,

Y.
--
Training and support manager
Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac, Cedex

Tel (France) : <a href="tel:%2B33%204%2058%2048%2020%2043" value="+33458482043" target="_blank">+33 4 58 48 20 43
Tel (Swisstzerland) : <a href="tel:%2B41%2021%20619%2010%2043" value="+41216191043" target="_blank">+41 21 619 10 43
Mob. : <a href="tel:%2B33%206%2018%2075%2042%2021" value="+33618754221" target="_blank">+33 6 18 75 42 21

_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev



--
Training and support manager
Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac, Cedex

Tel (France) : +33 4 58 48 20 43
Tel (Swisstzerland) : +41 21 619 10 43
Mob. : +33 6 18 75 42 21

email : [hidden email]
http://www.camptocamp.com

_______________________________________________
mapserver-dev mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-dev