centos-7 certification

[mark edwards]

over the past two days, LOTS of php functions quit working, most complaining about certification issues.

i found this certification link, and the page had this advice:

=======================
Red Hat / Centos
On a Red Hat Enterprise Linux 6 system, just add your certificate authority file(s) to the directory /usr/local/share/ca-certificates. For RHEL7 use the directory /etc/pki/ca-trust/source/anchors. On both systems you have to exectue the command/bin/update-ca-trust for update the certificate authority file.
=======================

has anybody done this? as i recall certification is mostly easy except for the various administrative issues i always run into.

 

[Quags]

There are updates to ca-certificates sometimes. Are you using self signed? That could be an issue then you may need to add your self signed root in here. Using letsencrypt though can avoid that.

 

[mark edwards]

thank you john.

it occurred to me (late) that when one is hosting multiple websites on one server, we really should not use one "global" certification, and maybe each website needs its own unique certification as specified in the unique php.ini file.

for now, i still have the checking disabled (lets hope i dont forget it)

my certification company was StartSSL.com but they have been running into trust issues. if they dont get it resolved soon, i will have to look at alternatives. i should look at LetsEncrypt...!