Impossible SSL CAS-certificates with phpCAS and examples. It only works without SSL server verification


I am doing a CAS integration for a project at my university. The final integration should be made with symfony2; however, first I need to get the example code working.

I finally got the example_simple.php example working with phpCAS 1.3.2; however, the directive:

phpCAS::setNoCasServerValidation();

is the enabled one. I think I should use instead:

phpCAS::setCasServerCACert($cas_server_ca_cert_path);

However, when I enable this second one (and disable the other), the authorization does not work anymore. Here is the relevant error line from the log:

could not open URL 'https://cas_server.fi/cas/serviceValidate?service=http%3A%2F%2Flocalhost%2Fphpcas2%2Fdocs%2Fexamples%2Fexample_simple.php&ticket=ST-115606-M1Omd1cHWzbLbmxa1nYV-cas' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:2763]

The cas server provided me two .crt files:

  • MYCASRootCA.crt
  • MYCASLinuxSUBCA.crt

And they are supposed to be installed in my system (Ubuntu 13.10). They are in different places, such as /etc/ssl/certs/MYCASLinuxSUBCA.pem but also:

  • /usr/share/ca-certificates/lut/MYCASRootCA.crt
  • /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt

So, assuming that the variable $cas_server_ca_cert_path has to have one of these .crt files or .pem dirs (such as /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt), I cannot make it work. What am I doing wrong? My client server (not the CAS server) is on my localhost. Is that a problem? Should I avoid using the setCasServerCACert command? Why is this happening?

I've also tried to use the curl-ca-bundle.crt certificate provided by my XAMPP installation (XAMPP 1.8.3).

I am a little bit lost with certificates as you can see.

I read about problems with phpCAS and recent Ubuntu versions at https://github.com/Jasig/phpCAS/issues?state=open. However, I cannot make this work with the master code, even without certification (by default).

Any ideas would be appreciated...

There are 1 answers

José Cabo On BEST ANSWER

I have found the solution by asking on the library's GitHub: https://github.com/Jasig/phpCAS/issues/119

The reason is that the curl binary used by PHP in my xampp installation is different from the system's curl binary. The system one has access to the /etc/ssl/certs/ certificates, but the xampp curl does not (unless you don't indicate it, of course). By default, it searches in a special certificate-bundle file.

Finally, I have found the real certificate for my CAS server and I am using it; however, you may want to use another solution proposed at the end of the discussion thread if you are having a similar problem.
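
A way to inspect a candidate file before handing it to phpCAS::setCasServerCACert(), as an added example that is not part of the original post or of phpCAS: it lists the certificates in a PEM file and names any issuer that is not present in the same file. The function names and the test certificates are constructed for illustration; it assumes PHP 7.1+ with the openssl extension, run with the same PHP binary that serves phpCAS.

```php
<?php
// Added example, not phpCAS code. Assumes PHP 7.1+ with the openssl extension.

// List the certificates in a PEM file and name any issuer absent from it.
function inspect_ca_bundle(string $pem): array {
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $certs = [];
    foreach ($m[0] as $block) {
        $c = openssl_x509_parse($block);
        if ($c !== false) {
            $certs[] = $c;
        }
    }
    $subjects = array_map(function ($c) { return json_encode($c['subject']); }, $certs);
    $missing = [];
    foreach ($certs as $c) {
        if (!in_array(json_encode($c['issuer']), $subjects, true)) {
            $missing[] = $c['issuer']['CN'] ?? json_encode($c['issuer']);
        }
    }
    return [
        'subjects'        => array_map(function ($c) { return $c['name']; }, $certs),
        'missing_issuers' => array_values(array_unique($missing)),
    ];
}

// Constructed test CA: self-signed when no issuer is given (hypothetical helper).
function make_ca(string $cn, $issuerCert = null, $issuerKey = null): array {
    $key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr  = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, $issuerCert, $issuerKey ?? $key, 30, ['digest_alg' => 'sha256']);
    openssl_x509_export($cert, $pem);
    return [$pem, $cert, $key];
}

[$rootPem, $rootCert, $rootKey] = make_ca('Constructed Root CA');
[$subPem] = make_ca('Constructed Sub CA', $rootCert, $rootKey);

print_r(inspect_ca_bundle($subPem));            // input: the sub CA alone
print_r(inspect_ca_bundle($subPem . $rootPem)); // input: sub CA followed by its root
print_r(inspect_ca_bundle('not a PEM file'));   // input with no PEM blocks, such as a DER-encoded .crt

// For a real file: inspect_ca_bundle(file_get_contents($cas_server_ca_cert_path));
```

An empty `subjects` list means the file holds no PEM certificates, and a non-empty `missing_issuers` list means the file does not contain the whole CA chain by itself.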