From owner-freebsd-questions@FreeBSD.ORG Tue Sep 18 03:03:02 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C55CE1065673 for ; Tue, 18 Sep 2012 03:03:02 +0000 (UTC) (envelope-from pschmehl_lists@tx.rr.com) Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com [75.180.132.120]) by mx1.freebsd.org (Postfix) with ESMTP id 84C238FC0A for ; Tue, 18 Sep 2012 03:03:02 +0000 (UTC) X-Authority-Analysis: v=2.0 cv=LKXkseq9 c=1 sm=0 a=+L5dYfeubEW4PLvjDgtIXQ==:17 a=WAZfUmVf-EkA:10 a=05ChyHeVI94A:10 a=kj9zAlcOel0A:10 a=ayC55rCoAAAA:8 a=DNJOWb6mEqUA:10 a=pGLkceISAAAA:8 a=W6u0E1Bvrrh4OckPRT0A:9 a=CjuIK1q_8ugA:10 a=MSl-tDqOz04A:10 a=SXrsA1tBIAQUFMic:21 a=Sl0Kco2P6Jh9UW21:21 a=+L5dYfeubEW4PLvjDgtIXQ==:117 X-Cloudmark-Score: 0 X-Originating-IP: 76.184.157.127 Received: from [76.184.157.127] ([76.184.157.127:55446] helo=[10.0.0.191]) by cdptpa-oedge01.mail.rr.com (envelope-from ) (ecelerity 2.2.3.46 r()) with ESMTP id F5/82-21812-564E7505; Tue, 18 Sep 2012 03:03:01 +0000 Date: Mon, 17 Sep 2012 22:03:00 -0500 From: Paul Schmehl To: FreeBSD Questions Message-ID: <08A12383C3E88E69782C5A19@Pauls-MacBook-Pro.local> In-Reply-To: References: <7B0F14047E62DBD5FCE76646@Pauls-MacBook-Pro.local> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Re: Problems with ssl certs X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Paul Schmehl List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Sep 2012 03:03:03 -0000 --On September 17, 2012 7:22:44 PM -0700 Kurt Buff wrote: > On Mon, Sep 17, 2012 at 5:55 PM, Paul Schmehl > wrote: >> >> --On September 17, 2012 5:31:25 PM -0700 Kurt Buff >> wrote: >> >>> On Mon, Sep 17, 2012 at 5:13 PM, Paul Schmehl >>> wrote: >>>> >>>> I'm setting up a new server and plan on migrating a Wordpress blog to >>>> it. Right now the server does not resolve with DNS, because the server >>>> I'm migrating from is still up and running. (I'm in the setup and >>>> configure stage.) >>>> >>>> I've got Wordpress installed and working with apache22, mysql 5.4, php >>>> 5.5 and suphp. I've migrated some of the blog over and installed some >>>> plugins I need. >>>> >>>> One of the plugins is the Wordpress jetpack. I can't figure out how to >>>> get this plugin to active. >>>> >>>> This is the error message I'm getting: >>>> >>>> Your website needs to be publicly accessible to use Jetpack: >>>> site_inaccessible >>>> >>>> Error Details: The Jetpack server was unable to communicate with your >>>> site [IXR -32300: transport error: http_request_failed SSL certificate >>>> problem, verify that the CA cert is OK. Details: error:14090086:SSL >>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed] >>>> >>>> I assume this is a problem with the site's self-signed cert not >>>> verifying through curl. I cat'd the cert into the ca-certfile, but it >>>> still doesn't work, so maybe I'm wrong. >>>> >>>> Here's the path for the ca file: >>>> # curl-config --ca >>>> /usr/local/share/certs/ca-root-nss.crt >>>> >>>> I cat'd both the site's cert and the Jetpack site's cert into the >>>> ca-root-nss.crt file. I think Jetpack is using php-curl. I have the >>>> php-curl extension installed. >>>> >>>> Is there a way to get this self-signed cert working? Or am I going to >>>> have to buy a cert? >>> >>> >>> I could be off base here, and you may already have thought of this, >>> but is the cert tied to the IP address or the name of the server? If >>> it's tied to the name, and you're accessing it via the IP address, >>> it's been my experience that the cert will throw an error. Vice versa, >>> too. >>> >> >> That did not change a thing. > > Hmm. Using the loopback address? > Um, no. I'm accessing the site from my house over the web. Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell