Introduction

This FAQ explains the steps necessary to resolve issues when using SSL certificates. It is not a how-to on installing SSL certificates; it is meant to help resolve issues that arise when using one.

How do I know if I’m affected?
Users experiencing this issue will be unable to log in. When they attempt to log in, they will receive no error message stating that they used an incorrect username or password, and the fields will return to being blank as though the page had just been refreshed.


You may also identify this issue through the Apache/PHP error logs (on Ubuntu, the Apache error log can be found at /var/log/apache2/error.log). If you do have this issue, you will most likely see an error like this in the log:


SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in xxxxx\xxx\simplerisk\includes\services.php on line 30



Users with display errors turned on using WAMP will most likely see something like this when they attempt to log in:


How do I fix the issue?

The steps to fix this issue are relatively straightforward. To correct it, we need to point PHP at a CA certificate bundle that it can use to verify SSL certificates. To do this we can download the curl certificate here


Once you have the cert downloaded to the server, you will need to open php.ini. Depending on your installation, this file can be located in a few different places, and the name of the directory it sits in changes with the PHP version. If you cannot locate it, I suggest creating a file called phpinfo.php. Open your phpinfo file and paste in the following contents:

<?php phpinfo(); ?>


Now place this file in your virtual host directory. If you have already set up SimpleRisk, you can put it in the simplerisk directory and execute it from there by navigating to yourinstance/phpinfo.php. If this worked correctly, you should see the PHP info page.



The loaded php.ini is listed in the "Loaded Configuration File" row of that page. Once you have its path, you may move on to the next step.


Now open your php.ini and add the following line, or replace the existing line if it is already present:


openssl.cafile=/path/to/your/cacert.pem


Save the file and try to log in to SimpleRisk again. If for any reason this does not resolve the issue, or if you are using a web proxy, you will need to use your organization's cert in place of cacert.pem. This means you just need to point the openssl.cafile line in php.ini at your organization's cert instead.


Lastly, restart Apache for the changes to take effect.
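
To confirm that the openssl.cafile change took effect, the following added example (not part of the original FAQ and not SimpleRisk code) reports which php.ini is loaded, whether the configured bundle is readable and contains certificates, and optionally attempts a verified TLS handshake. TEST_HOST is a placeholder introduced for this example; the FAQ does not name the host that services.php connects to.

```php
<?php
// Added diagnostic, not SimpleRisk code. Serve it through Apache like
// SimpleRisk itself: the PHP CLI may load a different php.ini.
// TEST_HOST is a placeholder; set it to the HTTPS host that fails to verify.
const TEST_HOST = null; // e.g. 'host.example.org' (constructed value)

function check_ca_bundle(?string $host): array
{
    $report = ['php.ini' => php_ini_loaded_file() ?: '(none loaded)'];
    $cafile = (string) ini_get('openssl.cafile');
    $report['openssl.cafile'] = $cafile ?: '(not set)';
    // Fallback location OpenSSL uses when openssl.cafile is empty.
    $report['default_cert_file'] = openssl_get_cert_locations()['default_cert_file'];
    if ($cafile === '') {
        return $report + ['status' => 'openssl.cafile is not set in the loaded php.ini'];
    }
    if (!is_readable($cafile)) {
        return $report + ['status' => 'bundle is missing or not readable by the web server user'];
    }
    // Count the PEM blocks that actually parse as X.509 certificates.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($cafile), $blocks);
    $parsed = array_filter($blocks[0], fn($pem) => @openssl_x509_parse($pem) !== false);
    $report['certificates'] = count($parsed);
    if (!$parsed) {
        return $report + ['status' => 'file contains no parsable certificates'];
    }
    if ($host === null) {
        return $report + ['status' => 'bundle loads; no host tested'];
    }
    // TLS handshake with verification on, trusting only this bundle.
    $ctx = stream_context_create(['ssl' => [
        'cafile' => $cafile, 'verify_peer' => true, 'verify_peer_name' => true,
    ]]);
    $conn = @stream_socket_client("ssl://$host:443", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($conn === false) {
        $why = error_get_last()['message'] ?? $errstr;
        return $report + ['status' => "TLS connection to $host failed: $why"];
    }
    fclose($conn);
    return $report + ['status' => "certificate chain for $host verified"];
}

header('Content-Type: text/plain');
print_r(check_ca_bundle(TEST_HOST));
```

Remove this script and phpinfo.php from the web root when you are done, since both disclose server configuration.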




Summary


This FAQ has gone over troubleshooting SSL issues with SimpleRisk. If this did not work for you, if you feel the documentation requires more information, or if you simply have further questions, please contact us at support@simplerisk.com and we will be happy to help.