Client set up to access a secure WXS server

[nsavard]

This ticket describes the steps to set up a client to access a WXS secure server. This information could be added to the relevant documentation section.

Requirements:

MapServer 5.4.1
Curl with SSL support

Download the CA bundle file "cacert.pem" found at ​http://curl.haxx.se/docs/caextract.html or if you have the Curl source you could create the CA bundle by executing "make ca-bundle" or "make ca-firefox" (if you have Firefox and the certutil tool installed). If you used the second choice, the bundle file will be named ca-bundle.crt and will be found in the lib directory. See ​http://curl.haxx.se/docs/caextract.html for more details. Set the CURL_CA_BUNDLE environment variable to point out to the bundle file (export CURL_CA_BUNDLE=/path/to/my-ca-bundle.ext where my-ca-bundle.ext could be cacert.pem or ca-bundle.crt)

Get the server certificate by executing this command: openssl s_client -connect xxxxx.com (e.g. localhost:port). Copy all from "-----BEGIN CERTIFICATE-----" tag to "-----END CERTIFICATE-----). Paste at the end of the my-ca-bundle.ext file.

Verify your connection with the Curl command line: curl https://localhost:port/gmap-demo/gmap75.phtml

Edit you map file to add the WMS connection URL for example:

  CONNECTION "https://localhost:port/cgi-bin/mapserv?map=/path/to/gmap/htdocs/gmap75_wms.map"
  CONNECTIONTYPE WMS

Note: You have to use the exact same domain name as the one appearing in the "Common Name" prompt when generating the remote server certificate. You cannot use the remote server ip for instance. It means that the following URL is not acceptable.

  CONNECTION "https://192.168.4.149:port/cgi-bin/mapserv?map=/path/to/gmap/htdocs/gmap75_wms.map"
  CONNECTIONTYPE WMS