I changed the SSL certificate and authenticate_with_app now fails

Follow

Miguel

• October 19, 2015 20:13

Hi

My server was working fine with the API, but today I changed the SSL certificate in the server (to a wildcard EssentialSSL), and now, the calls to authenticate_with_app (php client) just fail (500 error).

I tried the same code with a different server (which has the old SSL certificate) and it works fine, so it must be something related to the SSL certificate.

Could it be something related to the access tokens? If so, how can I remove them from the server?

Many thanks in advance!

1

• 

  Miguel

  • October 19, 2015 20:35

  Just to give a bit more information, I am not using a Session Manager. The first call to autheticate_with_app just fails, not throwing any exception, but just breaking completely (returning a 500 server error).

  0

  Comment actions Permalink
• 

  Andreas Garnæs

  • October 20, 2015 07:17

  Hi Miguel,

  I suggest check to whether your new SSL certificate is set up correctly. SSL labs offer a pretty neat tool to verify that your TLS setup is correct: https://www.ssllabs.com/ssltest/index.html

  For a little faster solution openssl can be used as: openssl s_client -connect YOURDOMAIN:443 -showcerts to verify that the certificates are set up correctly.

  Best,
  Andreas

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 08:09

  Hi Andreas

  I tested the certificate using both the website you sent and the openssl command, and the certificate seems to be intalled correctly.

  Why would a SSL certificate affect the call authenticate_with_app anyways?

  Any other ideas? Is it possible to remove previous access tokens that might be cached? Should I remove the current API key and create a new one?

  Thanks.

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 08:23

  Right, I think I have made some progress.

  I looked for the PHP error log, and saw this message:

  "PHP Fatal error: Uncaught exception 'PodioConnectionError' with message 'Connection to Podio API failed: [77] Problem with the SSL CA cert (path? access rights?)'...."

  As I said, both the command and the website say that the ssl certificate is properly installed. What else could I check?

  Many thanks.

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 08:26

  Could it be because the ssl path is catched in the access token or something like that?

  How could I revoke/remove all the podio access tokens on this server?

  0

  Comment actions Permalink
• 

  Andreas Garnæs

  • October 20, 2015 08:27

  Could you run the openssl command against api.podio.com from your server? The SSL path is not part of the token.

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 08:32

  Running the command against api.podio.com seems fine too:

  Verify return code: 0 (ok)

  Again, is it possible to revoke/remove all the access tokens in my server? Maybe by regenerating them the problems gets fixed

  0

  Comment actions Permalink
• 

  Andreas Garnæs

  • October 20, 2015 08:33

  You can go to https://podio.com/settings/clients to revoke access.

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 08:45

  But my API client is not listed there, only third party apps that connected to podio.

  0

  Comment actions Permalink
• 

  Andreas Garnæs

  • October 20, 2015 09:25

  I'm not sure what you mean by "access tokens" then. Can you clarify please?

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 09:32

  Well, I don't know either. I just know that when you authenticate agains podio using oauth, you get some kind of token, right?

  Could it be that the token I had before I updated the ssl certificate is still being used?

  The error I get seems to be related to the authentication, and perhaps the token:

  Error in Podio_lib::customer_exists: exception 'PodioConnectionError' with message 'Connection to Podio API failed: [77] Problem with the SSL CA cert (path? access rights?)' in ....../Podio/lib/Podio.php:259
  Stack trace:
  #0 /var/www/staging/Verticals/application/verticals/third_party/Podio/lib/Podio.php(107): Podio::request('POST', '/oauth/token', Array, Array)

  Any ideas about what else can I test? I think we are very close, but we are missing something...

  Thanks

  0

  Comment actions Permalink
• 

  Andreas Garnæs

  • October 20, 2015 09:44

  What happens if you curl https://api.podio.com? Could you try on a different machine?

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 09:47

  If I curl from the problematic machine I get:

  curl https://api.podio.com

  curl: (77) Problem with the SSL CA cert (path? access rights?)

  But if I do it from a different machine I get:

  curl https://api.podio.com

  {"documentation_url":"https:\/\/developers.podio.com\/"}

  This was the expected behaviour as the same code was working on this other server from the beginning.

  So it must be something related to curl. Is it perhaps caching the ssl certificate?

  0

  Comment actions Permalink
• 

  Andreas Garnæs

  • October 20, 2015 10:01

  It seems like a local problem with the machine. At this point, I suggest you google curl Problem with the SSL CA cert and try some of the solutions.

  0

  Comment actions Permalink
• 

  Miguel

  • October 20, 2015 10:05

  Right, it is fixed now. It was a problem with an outdated library.

  Many thanks for your help, and apologies because it was not related to Podio in the end.

  0

  Comment actions Permalink
• 

  Fermin Perdomo

  • July 19, 2016 20:46

  Hello, @Miguel G which library was outdated for you? i have the same issue and don't know how to fixed

  0

  Comment actions Permalink

Please sign in to leave a comment.