Post

3 followers Follow
1
Avatar

I changed the SSL certificate and authenticate_with_app now fails

Hi

My server was working fine with the API, but today I changed the SSL certificate in the server (to a wildcard EssentialSSL), and now, the calls to authenticate_with_app (php client) just fail (500 error).

I tried the same code with a different server (which has the old SSL certificate) and it works fine, so it must be something related to the SSL certificate.

Could it be something related to the access tokens? If so, how can I remove them from the server?

Many thanks in advance!

Miguel

Please sign in to leave a comment.

16 comments

0
Avatar

Just to give a bit more information, I am not using a Session Manager. The first call to autheticate_with_app just fails, not throwing any exception, but just breaking completely (returning a 500 server error).

Miguel 0 votes
Comment actions Permalink
0
Avatar

Hi Miguel,

I suggest check to whether your new SSL certificate is set up correctly. SSL labs offer a pretty neat tool to verify that your TLS setup is correct: https://www.ssllabs.com/ssltest/index.html

For a little faster solution openssl can be used as: openssl s_client -connect YOURDOMAIN:443 -showcerts to verify that the certificates are set up correctly.

Best,
Andreas

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Hi Andreas

I tested the certificate using both the website you sent and the openssl command, and the certificate seems to be intalled correctly.

Why would a SSL certificate affect the call authenticate_with_app anyways?

Any other ideas? Is it possible to remove previous access tokens that might be cached? Should I remove the current API key and create a new one?

Thanks.

Miguel 0 votes
Comment actions Permalink
0
Avatar

Right, I think I have made some progress.

I looked for the PHP error log, and saw this message:

"PHP Fatal error: Uncaught exception 'PodioConnectionError' with message 'Connection to Podio API failed: [77] Problem with the SSL CA cert (path? access rights?)'...."

As I said, both the command and the website say that the ssl certificate is properly installed. What else could I check?

Many thanks.

Miguel 0 votes
Comment actions Permalink
0
Avatar

Could it be because the ssl path is catched in the access token or something like that?

How could I revoke/remove all the podio access tokens on this server?

Miguel 0 votes
Comment actions Permalink
0
Avatar

Could you run the openssl command against api.podio.com from your server? The SSL path is not part of the token.

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Running the command against api.podio.com seems fine too:

Verify return code: 0 (ok)

Again, is it possible to revoke/remove all the access tokens in my server? Maybe by regenerating them the problems gets fixed

Miguel 0 votes
Comment actions Permalink
0
Avatar

But my API client is not listed there, only third party apps that connected to podio.

Miguel 0 votes
Comment actions Permalink
0
Avatar

I'm not sure what you mean by "access tokens" then. Can you clarify please?

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Well, I don't know either. I just know that when you authenticate agains podio using oauth, you get some kind of token, right?

Could it be that the token I had before I updated the ssl certificate is still being used?

The error I get seems to be related to the authentication, and perhaps the token:

Error in Podio_lib::customer_exists: exception 'PodioConnectionError' with message 'Connection to Podio API failed: [77] Problem with the SSL CA cert (path? access rights?)' in ....../Podio/lib/Podio.php:259
Stack trace:
#0 /var/www/staging/Verticals/application/verticals/third_party/Podio/lib/Podio.php(107): Podio::request('POST', '/oauth/token', Array, Array)

Any ideas about what else can I test? I think we are very close, but we are missing something...

Thanks

Miguel 0 votes
Comment actions Permalink
0
Avatar

What happens if you curl https://api.podio.com? Could you try on a different machine?

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

If I curl from the problematic machine I get:

curl https://api.podio.com

curl: (77) Problem with the SSL CA cert (path? access rights?)

But if I do it from a different machine I get:

curl https://api.podio.com

{"documentation_url":"https:\/\/developers.podio.com\/"}

This was the expected behaviour as the same code was working on this other server from the beginning.

So it must be something related to curl. Is it perhaps caching the ssl certificate?

Miguel 0 votes
Comment actions Permalink
0
Avatar

It seems like a local problem with the machine. At this point, I suggest you google curl Problem with the SSL CA cert and try some of the solutions.

Andreas Garnæs 0 votes
Comment actions Permalink
0
Avatar

Right, it is fixed now. It was a problem with an outdated library.

Many thanks for your help, and apologies because it was not related to Podio in the end.

Miguel 0 votes
Comment actions Permalink
0
Avatar

Hello, @Miguel G which library was outdated for you? i have the same issue and don't know how to fixed

Fermin Perdomo 0 votes
Comment actions Permalink