trouble report w/ safari

2 views
Skip to first unread message

danbri

unread,
Oct 15, 2010, 12:14:47 PM10/15/10
to openid4.me
Hello!

Nice tool :) But trying to use it today, I get an error...

So first I made a webid on foaf.me, 'danbri5'. This in OSX, initially
Chrome, and the certs are in system keychain utility.

Then in Safari I tried to use the openid support at http://wiki.foaf-project.org/
... and just put 'openid4.me' as the openid. This gives a
correct looking challenge, http://i.imgur.com/pkwYl.png ... but when i
click through, I get

https://openid4.me/index.php/trust
Safari can’t open the page.
Safari can’t open the page “https://openid4.me/index.php/trust
because Safari can’t establish a secure connection to the server
openid4.me”.

(reloading just repeats this)

If I try in Chrome instead, I get
"SSL connection error.

Unable to make a secure connection to the server. This may be a
problem with the server, or it may be requiring a client
authentication certificate that you don't have."

Thanks for any help!

cheers,

Dan

ps. is the code available / opensource / complex to run? I want to
make foaf wiki to be webid-friendly, but don't want to have too many
external dependencies...

Akbar Hossain

unread,
Oct 15, 2010, 2:24:44 PM10/15/10
to open...@googlegroups.com
Hi Dan,

I think the SSL certificate on openid4.me expired today!
That is most likely the problem. I had to add exceptions to my browser just to hit
https://openid4.me  (but having added the exception it seems to be working  for me atleast)

Ill get a new certificate put on there shortly. Sorry for the inconvenience and let you know when its in place
so you can test it out. You shouldnt need to add exceptions or play with your settings.
Let me get a new certificate and then let you test again as it might be something else in your set up.

In  response to your ps.

Yes the code is opensourced.
It here: http://github.com/akbarhossain/openid4me
In terms of running a server.
libAuthnetication uses ARC which needs mysql.
You also need an SSL certificate and connection. The certificates are easy enough to get from startssl.org
I am currently  experimenting with SSLStrictSNIVHostCheck otherwise you might need a dedicated IP address depending  on your hosting.
The bulk of the code is actually the Janrain example openid 2.0 server.
As you will see it not really a single php file implementation of  an openid server which was what I started  looking  at when I first thought about fusing WebID and OpenID.

Thanks and sorry you hit this issue.

Dan Brickley

unread,
Oct 16, 2010, 5:57:25 AM10/16/10
to open...@googlegroups.com
Hi Akbar,

On Fri, Oct 15, 2010 at 8:24 PM, Akbar Hossain <ma...@akbarhossain.com> wrote:
> Hi Dan,
>
> I think the SSL certificate on openid4.me expired today!

Ah, that would explain it!

> That is most likely the problem. I had to add exceptions to my browser just
> to hit
> https://openid4.me  (but having added the exception it seems to be working
> for me atleast)
>
> Ill get a new certificate put on there shortly. Sorry for the inconvenience
> and let you know when its in place
> so you can test it out. You shouldnt need to add exceptions or play with
> your settings.
> Let me get a new certificate and then let you test again as it might be
> something else in your set up.

Thanks for the quick response :)

> In  response to your ps.
>
> Yes the code is opensourced.
> It here: http://github.com/akbarhossain/openid4me
> In terms of running a server.

I realised it was on GitHub some seconds after sending my mail. But thanks...

ARC and mysql are easy requirements, so that's great.

Dedicated IP address - I'm using Amazon EC2, should be feasible, will
check the cost and options.

Actually I have a pile of sites on the same server just on http port
80; could that same IP address be used for *one* https service (eg. an
openid4me installation)? Or needs a whole other IP address, distinct
from anything else?

cheers,

Dan

Akbar Hossain

unread,
Oct 16, 2010, 6:16:19 PM10/16/10
to open...@googlegroups.com
Hi Dan,

I have just updated the certificate on openid4.me so hopefully you should be able to connect to https://openid4.me 
without connection exceptions.

Aside: I'm not 100% sure of the current status of Chrome (OSX) and WebID. 
There was a thread on foaf-protocols about the issue.
http://markmail.org/message/mmnycoqqjfm3clpk#query:+page:1+mid:ce6cbsk35obfif67+state:results
Not sure if this is fixed yet but that is likely to be the Chrome issue you reported.

Hopefully your Safari will work with the new certificate  in place.

By coincidence I was planning a move of openid4.me to an EC2 instance which I have just completed.
If you are only running one https service then it should be fine. On AWS assign an elastic IP if you havent
already done so against your instance.  I dont believe there are any additional costs if the IP is assigned.
If not then there is a charge I believe to disencourage people using up IPs.

Thanks
Reply all
Reply to author
Forward
0 new messages