Thank you for visiting the Rackspace Community
The The Community is live! Post new content or topics so our teams can assist.

Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.

Rackspace Public Cloud: PHP-Opencloud SDK errors due to outdated Certificate Authority list

Rackspace Cloud recently rotated the SSL certificate for identity.api.rackspacecloud.com .

The Rackspace Cloud PHP SDK (PHP-Opencloud) is built on Guzzle, which uses its own certificate authority file. If the certificate authority file is outdated, you may see an error similar to 

Fatal error: Uncaught exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: [url] https://identity.api.rackspacecloud.com/v2.0/tokens'

Solution:

Find and replace Guzzle's certificate authority file. For example, it might be located at:

 /var/www/www.website.com/site/library/apis/rollbar-php/vendor/guzzle/guzzle/src/Guzzle/Http/Resources/cacert.pem.

If you download the updated file here: https://curl.haxx.se/ca/cacert.pem and overwrite, it should resolve this issue. If not, we recommend opening an issue on the github repo.

Parents
  • If you are using the "php-opencloud" package with composer, it might be helpful to know that you can also provide a third argument when constructing the Rackspace (or OpenStack) class.

    Something like below as the third argument would use the trusted CA bundle that is installed on your system:

    $options = array(
        Guzzle\Http\Client::SSL_CERT_AUTHORITY => 'system',
    );

    We have updated our Symfony service XML file accordingly, and added the following (as third argument):

    <argument type="collection">
        <argument key="ssl.certificate_authority">system</argument>
    </argument>

    Hope this helps someone else that isn't to keen on editing a package installed via composer (or similar).

Reply Children
No Data