[ww-devel] The library browser not updating problem

Matt Haught matt_haught at ncsu.edu
Tue Aug 26 19:56:29 EDT 2014 

Same problem here on our devel server but not our production. I have
been scratching my head with it today.  Our devel server also uses the
incommon certs while the production is using godaddy from before we
could get incommon.  So that got me thinking...  I have something for
you to try that appears to have worked for us.

Add a SSLCACertificateFile apache conf line and have it use the
intermediate/root only cert (2nd link down in the InCommon email)

Matt Haught
North Carolina State University


On Tue, Aug 26, 2014 at 5:49 PM, Jason Aubrey <aubreyja at gmail.com> wrote:
> Well, at this point I think the error has something to do with how my ssl is
> configured.  Here is some evidence from my apache log with LogLevel info:
>
> There were a lot of errors: 500 Can't connect to
> webwork.math.arizona.edu:443 at /opt/webwork/webwork2/lib/WebworkClient.pm
> line 158
>
> [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] SSL library error 1 in
> handshake (server webwork.math.arizona.edu:443)
> [Tue Aug 26 14:35:13 2014] [info] SSL Library Error: 336151576
> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] Connection closed to
> child 0 with abortive shutdown (server webwork.math.arizona.edu:443)
>
> So, you can see (1) that 'it' can't connect to webwork.math.arizona.edu:443
> and (2) the ssl handshake seems to be dying due to an unknown certificate
> authority.  But if you looked at my server, you would see (3) that my
> certificate authority is in fact well known:
>>
>> Issued By
>>
>> Common Name (CN) InCommon Server CA
>>
>> Organizaton (O) Internet2
>>
>> etc...
>
> Also, there is the fact that (4) my web browsers have no problem connecting
> to the https site.
> So,
> (a) Maybe the perl module(s) running the webservice calls (LWP?) don't
> recognize the certificate authority.
> (b) Maybe the way my redirect to ssl is set up is messing with the web
> service calls. (Permanent redirect to a *:443 vhost)
> (c) Maybe there is some other configuration problem with my ssl set up.
> (d) Maybe this is completely unrelated to the actual problem.
>
> Thanks for any ideas.
> Jason
>

More information about the webwork-devel mailing list