Using Tickers, Forecast, Twitter and other external resources that make use of HTTPS connections
It is easy to reference and use external sources in Xibo widgets such as Tickers, however special consideration may need to be taken when referencing resources provided over SSL (anything with HTTPS at the front of the Address).
You have added a Ticker/Twitter/Forecast media item which references a feed or uses resources served over HTTPS and nothing is shown. You have checked the logs and note a message similar to:
SSL certificate problem, verify that the CA cert is OK
Unable to reach Forecast API. No Host Found (HTTP Code 0). Curl Error = SSL certificate problem: unable to get local issuer certificate
The message originates from something called
curl is a PHP extension which allows the CMS to download resources from external sources like the Internet or a Local Network.
Any time Xibo uses
curl it makes sure that it “Verifies the Peer”. In basic terms this means it checks to ensure whomever supplies the data is who they say they are.
Xibo does this because if something is served over HTTPS then it is reasonable to assume the returned information is sensitive and that it should be protected and verified.
The certificate problem error occurs because
curl uses a bundle of “CA root certificates” to perform the verification and these certificates are missing on some installations. For example, these certificates are almost always missing on Windows Installations.
Resolution Windows Servers
The web server that hosts the CMS needs to be updated with the latest CA root certificates. This may sound complicated, but is actually very easy.
- Download the latest CA root certificate from the curl website and save it to your server drive as, for example,
- Edit the
php.inifile for your PHP installation to tell
curlwhere the root certificate is located. You will be adding a line that looks like
curl.cainfo=c:\php\cacert.pem. If a similar line already exists, edit it to point to the correct location and ensure that it isn’t commented out. If the line doesn’t already exist, simply add a new line to the end of the file.
- Restart the web server.
If these steps still produce the same error, then the certificate signing the resource you have requested in invalid and you actually want the error to be thrown to protect your data.
Resolution Linux Servers
On most Linux distributions, it should be sufficient to install the
ca-certificates package provided by your distribution and then restart your web server.
There are some excellent sources of further reading: