Changes between Initial Version and Version 1 of Ticket #3070


Ignore:
Timestamp:
Jul 8, 2009, 12:24:35 PM (15 years ago)
Author:
dmorissette
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #3070

    • Property Summary Client set up to access a secure WXS serverClient set up to access a secure WXS server with MapServer

  • Ticket #3070 – Description

    initial v1  
    1 This ticket describes the steps to set up a client to access a WXS secure server.  This information could be added to the relevant documentation section.
    2 
    3 Requirements:
    4 {{{
    5 MapServer 5.4.1
    6 Curl with SSL support
    7 }}}
    8 
    9 Download the CA bundle file "cacert.pem" found at http://curl.haxx.se/docs/caextract.html or if you have the Curl source you could create the CA bundle by executing "make ca-bundle" or "make ca-firefox" (if you have Firefox and the certutil tool installed).  If you used the second choice, the bundle file will be named ca-bundle.crt and will be found in the lib directory.  See http://curl.haxx.se/docs/caextract.html for more details.
    10  
    11 Set the CURL_CA_BUNDLE environment variable to point out to the bundle file (export CURL_CA_BUNDLE=/path/to/my-ca-bundle.ext where my-ca-bundle.ext could be cacert.pem or ca-bundle.crt)
    12 
    13 Get the server certificate by executing this command: openssl s_client -connect xxxxx.com (e.g. localhost:port).  Copy all from "-----BEGIN CERTIFICATE-----" tag to "-----END CERTIFICATE-----). Paste at the end of the my-ca-bundle.ext file.
    14 
    15 Verify your connection with the Curl command line:
    16 {{{curl https://localhost:port/gmap-demo/gmap75.phtml}}}
    17 
    18 Edit you map file to add the WMS connection URL for example:
    19 {{{
    20   CONNECTION "https://localhost:port/cgi-bin/mapserv?map=/path/to/gmap/htdocs/gmap75_wms.map"
    21   CONNECTIONTYPE WMS
    22 }}}
    23 Note:  You have to use the exact same domain name as the one appearing in the "Common Name" prompt when generating the remote server certificate.  You cannot use the remote server ip for instance.  It means that the following URL is not acceptable.
    24 {{{
    25   CONNECTION "https://192.168.4.149:port/cgi-bin/mapserv?map=/path/to/gmap/htdocs/gmap75_wms.map"
    26   CONNECTIONTYPE WMS
    27 }}}
    28 
    29 
    30 
    31 
    32 
    33 
    34 
     1This ticket is about documenting the steps to set up MapServer as a client to access a remote WXS server over https.  This information could be added to the relevant documentation section.