Hi there, any assistance here would be great. I’m running into an issue with SSL where a site cannot communicate with itself or other sites on the same server via SSL. Specifically, a cURL request to an HTTPS URL fails with string(69) "SSL certificate problem: self signed certificate in certificate chain".
I would love to correct this security hole as it is important.
My current setup is that I have my SSL set to Full (Strict) and the Origin Server Certificate installed correctly as the site functions generally perfectly with SSL.
Well, the generally accepted way to get information out of a database environment is through a secure API. The end game is multiple sites and apps will query the API for information. In this particular case the site that needs the information happens to sit on the same server. Which is rejecting the SSL.
Because essentially the sites are isolated from one another as per having different accounts on WHM. And that the correct way of pulling information out of a DB and into a site would generally be via an API / JSON in this case.
A Cloudflare origin cert is issued/trusted by Cloudflare and meant to be used behind Cloudflare. So unless the local machine (or any machine accessing the site directly) trusts that cert it would generate an error.
Just to dig a bit deeper / expand I created an account on a different WHM / cPanel server called test.sketchad-development.com, put the same files in there, installed the same CloudFlare Origin Certificate and it functions correctly. I get a correct response.
So now we’ve got conflicting replies. Because cURL can seem to trust the cert because of the response above and it isn’t directly behind CloudFlare. It’s the same system (WHM / cPanel) and setup as the original server: https://api.sketchad-development.com/secure-curl-local-secure.php
You were not connecting to the public hostname but to localhost. The former is actually even worse architecture-wise but will get you a proper certificate.
Again, I strongly advise against that setup but if you insist on doing it that way you should - as I already explained - either use HTTP or add the root certificate to the trust store.
In that case you shouldn't have received that error message. You might have some DNS resolution issue. Unfortunately that is somewhat beyond the forum’s scope however.
If you didn't connect directly but via Cloudflare, the root certificate won't help. You need to debug your cURL connection, StackExchange might be of help in this case.
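Added example, not part of the thread and not code from any of the posters: one way to do the "add the root certificate to the trust store" option for a single PHP cURL request while leaving verification on, and to report which address was actually reached (origin or Cloudflare edge). The URL, CA file path and pinned address are hypothetical placeholders; the CA file is assumed to be the Cloudflare Origin CA root certificate saved locally.

```php
<?php
declare(strict_types=1);

/**
 * Fetch $url with certificate verification ON, trusting the CA in $caFile
 * for this request only. $pinIp optionally forces the connection to a given
 * address (e.g. the origin itself) while the hostname is still verified.
 */
function fetch_with_ca(string $url, string $caFile, ?string $pinIp = null): array
{
    if (!is_readable($caFile)) {
        return ['ok' => false, 'connected_ip' => null, 'error' => "CA file not readable: $caFile"];
    }
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host)) {
        return ['ok' => false, 'connected_ip' => null, 'error' => "No host in URL: $url"];
    }
    $port = parse_url($url, PHP_URL_PORT) ?? 443;

    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // never switch these off to "fix" the error
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caFile, // CA file used to verify the peer
        CURLOPT_TIMEOUT        => 10,
    ];
    if ($pinIp !== null) {
        // Skip DNS for this host: connect to $pinIp, still present $host via SNI
        $opts[CURLOPT_RESOLVE] = ["$host:$port:$pinIp"];
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);

    return [
        'ok'           => $body !== false,
        // Shows whether the request went to the origin or to a Cloudflare edge
        'connected_ip' => curl_getinfo($ch, CURLINFO_PRIMARY_IP),
        'http_code'    => curl_getinfo($ch, CURLINFO_RESPONSE_CODE),
        'error'        => $body === false ? curl_errno($ch) . ': ' . curl_error($ch) : null,
    ];
}

// Hypothetical values: replace with your own host, CA file and origin address.
$result = fetch_with_ca('https://api.example.com/data.json',
                        '/path/to/cloudflare_origin_ca_root.pem', '127.0.0.1');
var_dump($result);
```

If `connected_ip` is a Cloudflare edge address, the edge presents a publicly issued certificate rather than the origin certificate, so a CA file containing only the origin root will fail verification there, which matches the last reply above.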