Date: Mon, 30 Apr 2018 16:25:57 -0400 From: "Derek (freebsd lists)" <482254ac@razorfever.net> To: byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org Subject: Re: PHP and openssl Message-ID: <d71e86be-718f-b6fb-0146-e0073459ce7b@razorfever.net> In-Reply-To: <71b67f79d405215f875f7fcd61913959.squirrel@webmail.harte-lyne.ca> References: <71b67f79d405215f875f7fcd61913959.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18-04-30 10:29 AM, James B. Byrne via freebsd-questions wrote: > I am trying to get a Squirrelmail-1.4.23, running on FreeBSD-11.1 > under Apache-2.4.33, to connect to our existing Cyrus-IMAP and SMTP > services using TLS. Examination of the web service log files for ssh > reveals these messages: > > [Mon Apr 30 09:10:22.510233 2018] [:error] [pid 75098] [client > 192.168.209.44:36022] PHP Warning: fsockopen(): SSL operation failed > with code 1. OpenSSL Error messages:\nerror:14090086:SSL > routines:ssl3_get_server_certificate:certificate verify failed in > /usr/local/www/squirrelmail/src/configtest.php on line 406 > ... > > Now, if I connect to inet08.hamilton.harte-lyne.ca:465 using openssl > s_client I see this: > > openssl s_client -connect inet08.hamilton.harte-lyne.ca:465 > CONNECTED(00000003) > depth=2 CN = CA_HLL_ROOT_2016, ST = Ontario, O = Harte & Lyne Limited, > OU = Networked Data Services, C = CA, DC = harte-lyne, DC = ca, L = > Hamilton > verify error:num=19:self signed certificate in certificate chain > --- This looks to me like you don't have your custom CA (or cert) in your certificate chain. You might have the option to disable strict checking, but better - install custom certificate in the machine. This thread seems relevant: https://lists.freebsd.org/pipermail/freebsd-questions/2015-March/264652.html or this: https://stackoverflow.com/questions/41772340/how-do-i-add-a-certificate-authority-to-php-so-the-file-function-trusts-certif?rq=1 Hope that helps! Derek
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d71e86be-718f-b6fb-0146-e0073459ce7b>