Unable to connect to WordPress due to self-signed certificate in cert chain

  • Author
    Posts
  • #1100751

    tseward
    Member

    I have JetPack installed on WordPress 3.5 which is running on IIS8. When I hit the “Connect to WordPress.com” button after installing JetPack, I receive:

    Jetpack could not contact WordPress.com: register_http_request_failed. This usually means something is incorrectly configured on your web host. SSL certificate problem: self signed certificate in certificate chain

    My site does not actually have an SSL certificate, but I would assume that this would be a trust issue between my Server 2012 VM and WordPress’ SSL cert chain itself, correct?

    The blog I need help with is naupliusblog.wordpress.com.

    #1100844

    zandyring
    Staff

    Hi there,

    You will want to check your SSL certification. If you don’t have one, you don’t actually have a problem. Jetpack will connect like normal, despite that kind of intimidating warning. If you do have one, it may need some reconfiguring.

    I hope that helps!

    #1100845

    tseward
    Member

    I don’t have any SSL cert in place for my blog on the Azure VM. JetPack won’t connect regardless — it always throws up that error.

    #1100850

    zandyring
    Staff

    Hi there,

    Hmmm… that’s interesting. Well, on my end, I ran your URL through our Jetpack connection test, and it came back sound as a pound. Are you able to see your Jetpack functionality, or is it as if it’s not connected at all?

    Cheers!

    #1100852

    tseward
    Member

    Sorry, I think that auto posted my URL that is hosted on WP. The URL I’m testing with did not have an A record (I was using a hosts file since it is just for testing purposes). I’ve created an A record and will try again in a little while.

    #1100853

    tseward
    Member

    So I’ve tried again with an A record in place and still no-go. All of the features just say “Learn More”. In my Azure Web Site’s instance of WP, I think some of the features had configuration/settings button (I forget off-hand).

    URL is sptest.nauplius.net

    #1100877

    zandyring
    Staff

    Hmmm,

    I don’t see a connection for that URL, either. Which makes me think your Jetpack is not working (as you suspected).

    Can you do the following:

    *Go to admin → Jetpack

    *At the bottom of the page, there’s a link called “Debug”. Click that link.

    *Some arcane debugging information should appear. Copy and paste that information to us.

    I’m particularly interested in the line that starts with “CERT”.

    Additionally, you should switch your theme temporarily to Twenty Eleven and turn off any other plugins you have while we get your Jetpack correctly configured.

    Sorry for all the extra rigamarole!

    #1100880

    tseward
    Member

    This is sensitive information. Please do not post your BLOG_TOKEN or USER_TOKEN publicly; they are like passwords.

    CLIENT_ID:
    BLOG_TOKEN:
    MASTER_USER:
    CERT: 0
    TIME_DIFF:
    VERSION: 2.0.4:1355983592
    OLD_VERSION: 2.0.4:1355983592
    PUBLIC:
    USER_ID: 1
    USER_TOKEN:
    PHP_VERSION: 5.4.9
    WORDPRESS_VERSION: 3.5

    Note values that are blank are actually blank and not removed by me :)

    Current Theme
    Twenty Eleven

    By the WordPress team Version 1.5

    Looks like I’ve been using that theme all this time.

    #1100881

    tseward
    Member

    Also, no other plugins are enabled. The only other plugin installed is Akismet, but updated from the one included with the WP install.

    #1100885

    zandyring
    Staff

    Great, thank you for this!

    So apparently this error is caused by extra whitespace somewhere in the config file. The solution is the same as with this error message (detailed instructions at the link):
    http://codex.wordpress.org/Answers-Troubleshooting#Headers_already_sent

    I know the error is different, but I am assured that you should be able to solve the issue by following those steps :)

    Let me know how it goes!

    #1100886

    tseward
    Member

    FYI I applied an SSL certificate from StartCom (which is generally trusted) and changed my WP address to https://<same domain>, keeping the blog URL the same. No dice and the CERT is still “0”.

    #1100887

    tseward
    Member

    AH thanks for the follow up, I’ve been using WordPad since it correctly parses UN*X-style carriage returns, unlike Notepad. I’ll have to install Notepad++ :) I’ll let you know how it turns out.

    #1100888

    tseward
    Member

    So I am still running into the same issue. I downloaded the WordPress zip file again, grabbed wp-config-sample.php and modified that with my current wp-config values, then changed the file name and overwrote my existing wp-config.php file.

    Also uninstalled/reinstalled JetPack with no luck.

    #1100891

    tseward
    Member

    One thing I noted was that the wp-config and wp-settings don’t have a closing ?> tag. I figured this was normal due to the default files being this way.

    #1100896

    zandyring
    Staff

    I do know that the closing ?> tag isn’t necessary in PHP. And that was news to me! But another user pointed it out on a thread I was helping with, and our internal team clued me in. :)

    I’m running your issue down with the internal team, and I’ll circle back around with you when I know more :)

    #1100898

    zandyring
    Staff

    Hi again,

    They have asked me to ask you to go ahead and completely delete your Jetpack from within WordPress, then go download a fresh copy and install it.

    Let me know how it goes!

    #1100899

    tseward
    Member

    Already did that, prior to installing the SSL cert though. I’ll try it again.

    #1100900

    tseward
    Member

    Same issue with deleting/reinstalling.

    #1100903

    tseward
    Member

    So when I run a netmon trace, it looks like I’m getting:

    TLS: TLS Rec Layer-1 Encrypted Alert

    Hex:

    54 7F EE 53 98 C1 00 15 5D 46 B9 46 08 00 45 02 00 2F 51 40 40 00 80 06 56 30 0A 4C FE 44 4C 4A FE 7B C1 07 01 BB C0 76 1D 1A C2 0C B5 A8 50 18 01 FE FA 62 00 00 15 03 01 00 02 02 30

    30 hex (40 decimal) translates to “unknown_ca” in the TLS spec. This would be during the handshake with the SSL cert *.wordpress.com which jetpack.wordpress.com leverages.

    Even though I’ve imported the appropriate Intermediate (Go Daddy) and Root CA (Starfield Technologies) certs into my Local Machine trusted store on Server 2012, the issue persists. Not sure where to go from here.

    #1100904

    tseward
    Member

    That should be “48 decimal”, not 40.

The topic ‘Unable to connect to WordPress due to self-signed certificate in cert chain’ is closed to new replies.