Certificate Error when hosting simplesamlphp on plesk environment: unable to load certificate/public key when requesting SP metadata


Michael O'Brien

May 19, 2017, 11:12:05 AM
to SimpleSAMLphp
What are you trying to do?
Configure SimpleSaml to authenticate wordpress on Plesk hosting environment.
What have you done?

I have installed simplesaml into a clean (no wordpress) httpdoc directory on plesk and it passes the sanity check + required and recommended php settings. The default-sp does point me to the WAYF service I want to use. I can authenticate with the simplesaml admin password.

I generated server.cert and server.key on Windows using 

c:\OpenSSL-Win64\bin>openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out server.cert -keyout server.key

and uploaded them via Plesk's file manager to httpdoc/cert/ 


Permissions listed on plesk for server.cert and server.key are rw- r-- r--


Is there anything wrong?
When I attempt to access the SP metadata I get the error about unable to load certificate

Backtrace:
0 /var/www/vhosts/mydomain/httpdocs/www/module.php:180 (N/A)
Caused by: Exception: authsources['default-sp']: Unable to load certificate/public key from file "/var/www/vhosts/mydomain/httpdocs/cert/server.crt".
Backtrace:
3 /var/www/vhosts/mydomain/httpdocs/lib/SimpleSAML/Configuration.php:1246 (SimpleSAML_Configuration::getPublicKeys)
2 /var/www/vhosts/mydomain/httpdocs/lib/SimpleSAML/Utils/Crypto.php:241 (SimpleSAML\Utils\Crypto::loadPublicKey)
1 /var/www/vhosts/mydomain/httpdocs/modules/saml/www/sp/metadata.php:110 (require)
0 /var/www/vhosts/mydomain//httpdocs/www/module.php:137 (N/A)
Is there anything you don't understand?

Do I need to supply specific details to openssl which match my entity/Service Provider?
What could be causing this certificate message?

Also, as a newb:
Is it safe/secure to keep all simplesaml files in httpdoc?
When deploying wordpress to the same vhost, can I use the web root (httpdoc), do I need to use the simplesaml www folder, or is additional configuration of simplesaml required first?
How do I change the salt in config.php without locking myself out as SimpleSaml admin?


Regards
Michael 

Michael O'Brien

May 23, 2017, 12:02:59 PM
to SimpleSAMLphp
Issue was the filename of the cert file didn't match the config value.
Also needed to create a symlink but that was completed by the hosting provider

Peter Schober

May 23, 2017, 5:21:14 PM
to SimpleSAMLphp
* Michael O'Brien <mobrien....@gmail.com> [2017-05-23 18:03]:
> Issue was the filename of the cert file didn't match the config value.

I didn't have the time available to notice your server.cert !=
server.crt issue earlier.

> Also needed to create a symlink but that was completed by the
> hosting provider

Actually the symlink method is just a workaround to the documented
method of setting an Alias in the web server (to SSP's "www"
directory). But I guess you'd have needed help from the hosting
provider for that, too. ;)
(Whereas symlinks usually can be created by the user herself, otherwise
it wouldn't be a workaround at all. But I guess there might be fringe
cases where that's still the only option...)

Anyway, glad you could get it to work.
-peter
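
An added example, not part of the original thread and not SimpleSAMLphp's own code: a shell pre-flight check for the failure discussed here (the configured certificate name not matching the file on disk), which also confirms that the certificate and key are a pair. It assumes a POSIX shell with `openssl` on the server, PEM files, and an unencrypted key as produced by the `-nodes` command in the first post; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for an SP certificate/key pair.
# Function names are hypothetical; pass the directory and the file names
# exactly as they are configured for the SP.

# List files in directory $1 that share the stem of name $2
# (e.g. finds server.cert when server.crt was configured).
similar_names() {
    stem=${2%.*}
    for f in "$1/$stem".*; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# check_sp_cert DIR CERT_NAME KEY_NAME
# Returns 0 = ok, 1 = cert missing, 2 = key missing,
#         3 = cert not parsable, 4 = cert and key do not match.
check_sp_cert() {
    dir=$1; cert=$1/$2; key=$1/$3
    if [ ! -r "$cert" ]; then
        echo "FAIL: configured certificate $cert not found or unreadable" >&2
        echo "      same stem on disk: $(similar_names "$dir" "$2" | tr '\n' ' ')" >&2
        return 1
    fi
    if [ ! -r "$key" ]; then
        echo "FAIL: configured private key $key not found or unreadable" >&2
        return 2
    fi
    # Warn when group/other have any access to the private key (e.g. rw-r--r--).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || echo "WARN: $key is accessible beyond its owner ($perms)" >&2
    # The certificate must parse as PEM X.509 ...
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a PEM X.509 certificate" >&2; return 3; }
    # ... and carry the public half of the configured (unencrypted) private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key are not a matching pair" >&2
        return 4
    fi
    echo "OK: $cert and $key load and match"
}

# Usage with the names from this thread, run from the SimpleSAMLphp directory:
#   check_sp_cert cert server.crt server.key
```

With the files as uploaded in the first post, the check stops at the first step and lists `server.cert` as the file that shares the configured name's stem.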