Using Tickers, Forecast, Twitter and other external resources that make use of HTTPS connections


#1

Using Tickers, Forecast, Twitter and other external resources that make use of HTTPS connections

It is easy to reference and use external sources in Xibo widgets such as Tickers, however special consideration may need to be taken when referencing resources provided over SSL (anything with HTTPS at the front of the Address).

Symptoms

You have added a Ticker/Twitter/Forecast media item which references a feed or uses resources served over HTTPS and nothing is shown. You have checked the logs and note a message similar to:

SSL certificate problem, verify that the CA cert is OK

or

Unable to reach Forecast API. No Host Found (HTTP Code 0). Curl Error = SSL certificate problem: unable to get local issuer certificate

The message originates from something called curl.

Explanation

curl is a PHP extension which allows the CMS to download resources from external sources like the Internet or a Local Network.

Any time Xibo uses curl it makes sure that it “Verifies the Peer”. In basic terms this means it checks to ensure whomever supplies the data is who they say they are.

Xibo does this because if something is served over HTTPS then it is reasonable to assume the returned information is sensitive and that it should be protected and verified.

The certificate problem error occurs because curl uses a bundle of “CA root certificates” to perform the verification and these certificates are missing on some installations. For example, these certificates are almost always missing on Windows Installations.

Resolution Windows Servers

The web server that hosts the CMS needs to be updated with the latest CA root certificates. This may sound complicated, but is actually very easy.

  1. Download the latest CA root certificate from the curl website and save it to your server drive as, for example, c:\php\cacert.pem.
  2. Edit the php.ini file for your PHP installation to tell curl where the root certificate is located. You will be adding a line that looks like curl.cainfo=c:\php\cacert.pem. If a similar line already exists, edit it to point to the correct location and ensure that it isn’t commented out. If the line doesn’t already exist, simply add a new line to the end of the file.
  3. Restart the web server.

If these steps still produce the same error, then the certificate signing the resource you have requested in invalid and you actually want the error to be thrown to protect your data.

Resolution Linux Servers

On most Linux distributions, it should be sufficient to install the ca-certificates package provided by your distribution and then restart your web server.

Further Reading

There are some excellent sources of further reading:


Forecast IO behind proxy
Ticker doesn't show xibo 1.7.3
Unable to reach Forecast API. No Host Found (HTTP Code 0). Curl Error = SSL certificate problem: unable to get local issuer certificate
Twitter Module Error
RSS and Clock module does not appear in windows client
Forecast IO does not appear
Xibo Modules - Reset to Default or uninstall/reinstall?
configuraciĂłn twitter
Problem with ticker module (Rss)
Forecast.io does not work with 1.7.7
HTTPS RSS Feeds doesent work
Twitter SSL Certificate Problem
Xibo CMS Post-Installation Setup Guide - 1.7 Series
Module twitter - images
cURL is used to fetch data from the Internet or Local Network and is required.?
Twitter widget needs configuration
Weather Module not working
Cannot get anything to show up in ticker - cms Version 1.7.6 client Version 1.7.6
Internet access issue with forecastio
Finance Module on Windows CMS Help Please?
Unable to reach Forecast API
Didn't show some data Twitter API
cURL on EasyPHP Devserver 16.1
Twitter Feed not showing in Client player
Default Layout fails?
Install on Windows Server 2012 R2
Twitter v 1.7.4
How to return a user's tweets?
Regions not displaying (static images are)
Twitter module displays no tweets
Weather IO Security?
No Weather showing with Forecast IO
Client Not Updating
Forecast IO does not appear
RSS feed with SSL
Unable to display HTTPS with ssl webside
Forecast IO not working after upgrade from 1.7.1 to 1.7.4
Trouble displaying the ticker
cURL is used to fetch data from the Internet or Local Network and is required
RSS Feed is not updating client is 1.7.2 and cms is 1.7.3
Unable to connect to remote server
Weather Module - just see a blank page - no weather informations
cURL error 7 port 443 Operation timed out
Twitter Error Module
What about ssl?
Weather Not Updating In Docker
RSS Feed - unable to get feed: cURL error 28
Small problem with RSS Ticker and stock module
Xibo weather module issues
Unable to retrieve external data
RSS doesn't work when connecting to https://
RSS Ticker wont work
Twitter Feed Setup
Weather not displaying
#2

Can't get weather module to work
Ticker wont show in layout
XIBO CMS 1.8.2 - No Twitter profile images