Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.
Rackspace Cloud recently rotated the SSL certificate for identity.api.rackspacecloud.com .
The Rackspace Cloud PHP SDK (PHP-Opencloud) is built on Guzzle, which uses its own certificate authority file. If the certificate authority file is outdated, you may see an error similar to
Fatal error: Uncaught exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: [url] https://identity.api.rackspacecloud.com/v2.0/tokens'
Find and replace Guzzle's certificate authority file. For example, it might be located at:
If you download the updated file here: https://curl.haxx.se/ca/cacert.pem and overwrite, it should resolve this issue. If not, we recommend opening an issue on the github repo.
If you are using the "php-opencloud" package with composer, it might be helpful to know that you can also provide a third argument when constructing the Rackspace (or OpenStack) class.
Something like below as the third argument would use the trusted CA bundle that is installed on your system:
$options = array( Guzzle\Http\Client::SSL_CERT_AUTHORITY => 'system',);
We have updated our Symfony service XML file accordingly, and added the following (as third argument):
<argument type="collection"> <argument key="ssl.certificate_authority">system</argument></argument>
Hope this helps someone else that isn't to keen on editing a package installed via composer (or similar).
Additional instructions for troubleshooting SSL issues with Raxmon: community.rackspace.com/.../rackspace-public-cloud-raxmon-ssl-errors-due-to-out-of-date-certificate-authority
where this xml file locate?
It depends on how your application is set up. If you're using the Symfony framework (version 2.x or 3.x), you should have a "Resources" directory in which you will find a "config" directory. There you will find configuration files for your services.
Note that Symfony supports multiple configuration formats (like XML, YAML and PHP), so you might have to update the service configuration in a different file.