Zend Server 8.5.7 JobQ HTTPS requests

General discussion forum for the Zend Server
Post Reply
gfroehlich
Posts: 22
Joined: Tue Jul 06, 2010 11:48 am

Zend Server 8.5.7 JobQ HTTPS requests

Post by gfroehlich » Fri Mar 16, 2018 10:02 am

Hello,

We would like to change our project from HTTP to HTTPS. The setup of Apache was the easiest task.

The first PHP related issue I run into was CURL. This was solvable in OS with openssl setup by adding company internal root certificates
and setting reference in php.ini (conf.d/curl.ini) curl.cainfo to CA trust bundle: full path of file used by openssl: /etc/pki/tls/certs/ca-bundle.crt

The php.ini directive openssl.cafile is also set to the same value.

Execution of a job e.g. defined as recurring job fails with the following message:
Bad HTTP response 0: The issuer certificate of a locally looked up certificate could not be found
Is there somewhere a setup to tell Zend Server Jobq daemon where to look for root certificates?

ZS: 8.5.7
PHP: 5.6.30
OS: RHEL 6.9 2.6.32-696.10.3.el6.x86_64 #1 SMP Thu Sep 21 12:12:50 EDT 2017 x86_64
WS: Apache 2.0

best regards
Gabriel

User avatar
zend_eyalt
Posts: 282
Joined: Thu Jan 22, 2009 3:16 pm

Re: Zend Server 8.5.7 JobQ HTTPS requests

Post by zend_eyalt » Tue Mar 20, 2018 10:54 am

Hi,

JQ Daemon (using the QT library) loads the the system's default CA certificate database.

Up until now we haven't encountered a situation where the need to override that was required - have you updated your CA certificate bundle ?

I would suggest that temporarily you switch the JQ Daemon verbosity directive (zend_jobqueue.daemon.log_verbosity_level=5) to 5 and restart the daemon, just to see that it loads the certificates correctly - you should see there many certificates with output similar to:

Code: Select all

[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Default CA Certificates: 334 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Entrust.net Secure Server Certification Authority 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name:  
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Equifax Secure Global eBusiness CA-1 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Equifax Secure eBusiness CA-1 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: GTE CyberTrust Global Root 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: NetLock Uzleti (Class B) Tanusitvanykiado 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: NetLock Expressz (Class C) Tanusitvanykiado 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: http://www.valicert.com/ 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Thawte Premium Server CA 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Thawte Premium Server CA 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Thawte Server CA 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: http://www.valicert.com/ 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: http://www.valicert.com/ 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name:  
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name:  
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name:  
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: ACCVRAIZ1 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: ACEDICOM Root 
[JobQueue 20.03.2018 11:20:25 p10302/t140686785431360 DBG3] Subject Name: Actalis Authentication Root CA 
....

Post Reply