Posted by sonnb, 06-18-2015, 05:28 PM | I can not figure out what's going on, maybe someone here can help.
Currently hosting with godaddy shared, I am using SNI with a GeoTrust certicate
everything works fine, with both IE and Firefox browser's etc.
The problem is when I check the site URL
with CURL https://www.MyDomainName.com
again, everything works fine when using a browser
displays, you are connect to
MyDomainName.com
varified by Geo Trust inc.
anyone know what the problem could be with CURL?
Thanks
Last edited by sonnb; 06-18-2015 at 05:33 PM.
|
Posted by diman, 06-19-2015, 04:20 AM | For further investigation please provide an output:
It is also recommended:
- check date on server with curl
- check dates of certificates
Moreover, was certificate generated for MyDomainName.com or www.MyDomainName.com?
|
Posted by Scott.Mc, 06-19-2015, 07:23 AM | If your using SNI as you say and it works in the browser chances are the version of curl compiled against PHP is old and doesn't have SNI support or the version openssl is too old too. Try
and get your version. looking at: http://curl.haxx.se/changes.html SNI was introduced in 7.18.1
|
Posted by sonnb, 06-19-2015, 11:52 AM | I checked the SSL with all the checkers, ssllabs, ssl shooper etc all report everything is fine.
IE, FF same, everything is normal,
only when I check the site with CURL and have
I get the following error below
I'm using
cURL Information 7.36.0
SSL Version OpenSSL/1.0.1e
Thanks
|
Posted by DWS2006, 06-19-2015, 01:34 PM | Have you tried setting CURLOPT_SSLVERSION to 1 (will force a TLS connection)? It's possible that curl is connecting via SSLv3 by default.
|
Posted by sonnb, 06-19-2015, 02:52 PM | Hi, Hope you doing ok, it's been awhile...
I commented that line out completely when I first set this up that too was throwing a error setting CURLOPT_SSLVERSION to 1 did not change anything. same error.
I did set curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);// and that works for now.
Just curious why prod.phx3.secureserver.net is showing up in my CURL error in the first place. something's just not right here.
One would think that multiple SSL online testers as well as IE and FF browser's found no problems or mismatching with my GeoTrust certificate all would be fine with curl. Thanks
|
Posted by DWS2006, 06-19-2015, 03:19 PM | Hello @sonnb, I'm great, outside of this issue I hope you are as well.
*.prod.phx3.secureserver.net is the CN for the servers primary SSL certificate. For some reason curl is not using SNI to make this connection even though your curl version should support it. If I think of any other possible solutions I'll post them here.
|
Posted by sonnb, 06-19-2015, 04:10 PM | Returned fast as possible, for those who might read this. I just realized, I posted CURL and SSL info above from the wrong server, Sorry about that.
Updated info
libcurl/7.15.5
OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
It appears the version of CURL on the server I am checking from does not support SNI, and that was the problem. and the reason why it was getting the default certificate and of course that would never match.
on the bright side of things everything was working exactly as it should be, and that's a great thing.
in case anyone is interested...
SNI has been great for us so far, only hicup I could find was XP not supporting it, but after following up on the few logged XP user agent strings, turned out to be fakes, not individuals from any ISP, but rather just servers probing or scanning etc. but that's just us.
thanks Scott.Mc, and also DWS2006
Last edited by sonnb; 06-19-2015 at 04:14 PM.
|
|
Add to Favourites
Print this Article |