Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67481

Conditions for "It seems that the certificate chain is invalid" warning generating.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.5.9
    • Fix Version/s: None
    • Component/s: Web Services
    • Affected Branches:
      MOODLE_35_STABLE

      Description

      The mechanism in Moodle will complain if the chain contains ROOT certificate.

      This test will fail:

      // Check the chain.
      if ($expectedissuer !== null) {
          if ($expectedissuer !== $cert['Subject'] || $cert['Subject'] === $cert['Issuer'])

      {         $warnings[] = ['invalidcertificatechainwarning', 'tool_mobile'];     }

      }

      //admin/tool/mobile/classes/api.php::get_potential_config_issues()

      The ROOT certs are optional in chain but many providers of SSL add them, so there should be no reason why Moodle complains.
      Some argue that having the root in chain adds to latency, but I doubt it justifies the error in Moodle.

      We had the issue with the Moodle app related to the certificate chain.  We tried to log in to the Moodle app but was not getting authenticated.

      I've modified the chain for this site to not contain the ROOT and it resolved the issue.

      Probably this check is used in mobile app as well.

        Attachments

          Activity

            People

            Assignee:
            jleyva Juan Leyva
            Reporter:
            pfranks Enovation Solutions
            Participants:
            Component watchers:
            Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: