#1
  1. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221

    http error: 0 | SSL certificate problem: self signed certificate in certificate chain


    Hi;

    Does anyone know whats the deal with this error?

    Thanks

    Code:
    bash-3.2# php artisan queue:subscribe atless admin.mySite.com.au/queue
    [Http_Exception]
    http error: 0 | SSL certificate problem: self signed certificate in certificate chain
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,473
    Rep Power
    653
    What code is generating that error? You've been around long enough to know we are not clairvoyant.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Originally Posted by gw1500se
    You've been around long enough to know we are not clairvoyant.

    Do you know Iron.io at all? Laravel? Composer? Rings a bell?

    I added Queue::getIron()->ssl_verifypeer = false; to routs.php. I get this now Getting there.
    [Http_Exception]
    http error: 400 | {"msg":"Only http(s), ironmq and ironworker schemes supported in subscriber URL's."}


    "You've been around long enough"...That is a nice over-done quote, originally by Requnix. Give him credit if you wanna sound like him.

    Thank you
  6. #4
  7. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,931
    Rep Power
    9647
    The error was about how someone was using a self-signed cert. It's insecure so the whatever it is decided to abort. Turning off peer verification is the way to get around that, but really they (you?) should be using an actual cert.

    For this new error... I'm sure a description of what you're doing would go a long way towards explaining where the problem is. It makes sense semantically but we're totally missing the context.

    Originally Posted by English Breakfast Tea
    "You've been around long enough"...That is a nice over-done quote, originally by Requnix. Give him credit if you wanna sound like him.
    Eh, we all like quoting each other. You should know that. You've Been Around Long Enough™.

    The reader, hereafter known as "You", is hereby granted a non-exclusive, royalty-free, irrevocable license in perpetuity to the use of the phrase "you've been around long enough", hereafter known as "The Phrase". You may write, speak, or otherwise communicate The Phrase for any purpose or audience with no attribution required. THERE IS NO WARRANTY FOR THE PHRASE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. requinix PROVIDES THE PHRASE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF UTILITY AND FITNESS FOR A PARTICULAR DISCUSSION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW WILL requinix, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PHRASE AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PHRASE (INCLUDING BUT NOT LIMITED TO LOSS OF DIGNITY OR LOSS OF STANDING IN A COMMUNITY OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PHRASE TO MAKE SENSE WITH ANY OTHER PHRASES), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Comments on this post

    • gw1500se agrees : ROTFLMAO
    Last edited by requinix; May 4th, 2014 at 03:41 AM.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1018
    I think there are a couple of misconceptions regarding certificates.

    The statement that “self-signed certificates are insecure” doesn't make much sense. First of all, every certificate chain is based on a self-signed root certificate. That's simply how the system works. If a certificate is self-signed, that only means it must be verified directly rather than through a parent certificate. This is actually a major security benefit in many scenarios (like yours).

    Buying a certificate from one of the big commercial CAs (Symantec, Comodo etc.) does not make you more secure. It actually makes you less secure, because now you're dependent on both your own security and the security of the CA. If the CA is compromised or simply doesn't do its job (yes, this happens pretty often), attackers may be able to forge a certificate for your site and perform a man-in-the-middle attack.

    So do use your own certificates for internal requests. There's absolutely no reason whatsoever to spend extra money on a commercial one. Those only make sense for public pages.

    What Iron complains about is not the fact that the certificate is self-signed (that would be nonsense). It simply doesn't find it in the list of trusted certificates. Check the manual on how to add the certificate. Or try the ini setting curl.cainfo (Iron uses the cURL library under the hood).

    Turning off certificate verification is not an option, because this breaks TLS entirely. It worries me that the Iron.io people actually recommend this as a “solution”.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo