Migrated from Redmine #538 | Author: Jeffrey van Hal
Status: Closed | Priority: High, I’m very impatient | Created: 2020-05-31
Hi, Since [Sat May 30 12:49:02.036844 2020] I receive errors that I can’t connect to you API any more. It looks like a certificate is rejected
[Sun May 31 22:24:01.724107 2020] [:error] [pid 16528] [client XX] PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
[Sun May 31 22:24:01.724424 2020] [:error] [pid 16528] [client XX] error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in JsonRpcClient.php on line 50
[Sun May 31 22:24:01.724669 2020] [:error] [pid 16528] [client XX] PHP Warning: file_get_contents(): Failed to enable crypto in JsonRpcClient.php on line 50
[Sun May 31 22:24:01.725000 2020] [:error] [pid 16528] [client XX] PHP Warning: file_get_contents(https://user-api.simplybook.me/login/): failed to open stream: operation failed in JsonRpcClient.php on line 50
I am using the JsonRpcClient.php from https://simplybook.me/api_example/JsonRpcClient.zip
Before above timestamp I had no issues. I moved all code to another server with the same results.
Redmine Admin wrote:
Please update your php, ssl or OS to last version. Here is more details about this issue Comodo Knowledge Base
There is nothing we can do our side. Your ssl software is outdated and must be updated.
Jeffrey van Hal wrote:
Wow. That is called support !
No, I don’t like that is is not working, but Yes: You point me in the perfect direction. I will complain to my hoster that their system (Directadmin) needs an update.
In case someone has the same issue and sees this page in search:
– NOTE: THIS IS INSECURE AND SHOULD NOT BE USED IN PRODUCTION –
Edit the file JsonRpcClient.php and add a ‘ssl’ section to the _contextOptions:
$this->_contextOptions = array(
‘http’ => array(
‘method’ => ‘POST’,
‘header’ => implode(“\r\n”, $headers) . “\r\n”
),
“ssl” => array(
“verify_peer” => false,
“verify_peer_name” => false,
)
);
Redmine Admin wrote:
This option is really NOT recommended. If you face with such issued then it is time to upgrade your sotware (at least lib ssl on unix systems).
Jeffrey van Hal wrote:
Hi Redmine Admin,
Got feedback from my hoster. They have tested it on a brand new server with up-to-date software and the problem remains, so they started an investigation to help me out.
Please see
This seems like that the problem is on your end (see at Additional Certificates, end then #3)
Subject USERTrust RSA Certification Authority
Fingerprint SHA256: 1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=
Valid until Sat, 30 May 2020 10:48:38 UTC (expired 1 day, 21 hours ago) EXPIRED
Key RSA 4096 bits (e 65537)
Issuer AddTrust External CA Root
Signature algorithm SHA384withRSA
Could you remove the expired certificate from your chain
Many thanks
Jeffrey
Redmine Admin wrote:
hi, one of additional certs expried but it is NOT a problem because there is another valid additional cert. If it would be any problem we would never get A rank there
Jeffrey van Hal wrote:
Still, could you remove it from the chain to see if that fixes the problem
Thanks
Redmine Admin wrote:
no, this is not possible with already issued certs