From owner-freebsd-questions@FreeBSD.ORG Tue Sep 18 00:55:05 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8963D1065670 for ; Tue, 18 Sep 2012 00:55:05 +0000 (UTC) (envelope-from pschmehl_lists@tx.rr.com) Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com [75.180.132.120]) by mx1.freebsd.org (Postfix) with ESMTP id 427668FC16 for ; Tue, 18 Sep 2012 00:55:05 +0000 (UTC) X-Authority-Analysis: v=2.0 cv=LKXkseq9 c=1 sm=0 a=+L5dYfeubEW4PLvjDgtIXQ==:17 a=WAZfUmVf-EkA:10 a=05ChyHeVI94A:10 a=kj9zAlcOel0A:10 a=ayC55rCoAAAA:8 a=DNJOWb6mEqUA:10 a=pGLkceISAAAA:8 a=W6u0E1Bvrrh4OckPRT0A:9 a=CjuIK1q_8ugA:10 a=MSl-tDqOz04A:10 a=rf2mMl_FwNYFCj69:21 a=FBeD7IEpL7gpXn-H:21 a=+L5dYfeubEW4PLvjDgtIXQ==:117 X-Cloudmark-Score: 0 X-Originating-IP: 76.184.157.127 Received: from [76.184.157.127] ([76.184.157.127:54221] helo=[10.0.0.191]) by cdptpa-oedge01.mail.rr.com (envelope-from ) (ecelerity 2.2.3.46 r()) with ESMTP id 83/96-21812-866C7505; Tue, 18 Sep 2012 00:55:04 +0000 Date: Mon, 17 Sep 2012 19:55:03 -0500 From: Paul Schmehl To: Kurt Buff , FreeBSD Questions Message-ID: In-Reply-To: References: <7B0F14047E62DBD5FCE76646@Pauls-MacBook-Pro.local> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: Re: Problems with ssl certs X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Paul Schmehl List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Sep 2012 00:55:05 -0000 --On September 17, 2012 5:31:25 PM -0700 Kurt Buff wrote: > On Mon, Sep 17, 2012 at 5:13 PM, Paul Schmehl > wrote: >> I'm setting up a new server and plan on migrating a Wordpress blog to it. >> Right now the server does not resolve with DNS, because the server I'm >> migrating from is still up and running. (I'm in the setup and configure >> stage.) >> >> I've got Wordpress installed and working with apache22, mysql 5.4, php >> 5.5 and suphp. I've migrated some of the blog over and installed some >> plugins I need. >> >> One of the plugins is the Wordpress jetpack. I can't figure out how to >> get this plugin to active. >> >> This is the error message I'm getting: >> >> Your website needs to be publicly accessible to use Jetpack: >> site_inaccessible >> >> Error Details: The Jetpack server was unable to communicate with your >> site [IXR -32300: transport error: http_request_failed SSL certificate >> problem, verify that the CA cert is OK. Details: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed] >> >> I assume this is a problem with the site's self-signed cert not verifying >> through curl. I cat'd the cert into the ca-certfile, but it still >> doesn't work, so maybe I'm wrong. >> >> Here's the path for the ca file: >> # curl-config --ca >> /usr/local/share/certs/ca-root-nss.crt >> >> I cat'd both the site's cert and the Jetpack site's cert into the >> ca-root-nss.crt file. I think Jetpack is using php-curl. I have the >> php-curl extension installed. >> >> Is there a way to get this self-signed cert working? Or am I going to >> have to buy a cert? > > I could be off base here, and you may already have thought of this, > but is the cert tied to the IP address or the name of the server? If > it's tied to the name, and you're accessing it via the IP address, > it's been my experience that the cert will throw an error. Vice versa, > too. > That did not change a thing. Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell