I was experimenting with gdal_translate and WMS driver (http://gdal.org/frmt_wms.html). I was running FWTools2.4.7 on Windows Vista and I could make it to read my own WMS from localhost. Next I went on and had a try with our production server that must be accessed through https and basic authentication. I was guessing that it could be done by editing the ServerURL element in the service description XML file to be like
<ServerUrl>https://username:[email protected]/cgi-bin/ securedWMS?</ServerUrl> Is this correct? I feel it may be, but I stopped to the following error ERROR 1: GDALWMS: Unable to download block 0, 0. URL: https://username:[email protected]/cgi-bin/securedWMS? request=GetMap&version=1.1.0&layers=default&styles=&srs=EPSG:3067& format=image/jpeg&width=648&height=1024& bbox=70500.00000000,6728185.83184258,734500.00000000,7776760.00000000 HTTP status code: 0, error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE: certificate verify failed. I suppose this error may come from the sertificates we are using. They are not normally included in the list of trusted sertificates. With Java systems I need to add those sertificates manually into Java keystore. With command line wget and curl I can bypass the certificate check by using swithes --no-check-certificate (wget) or -k (curl). Because FWTools seems to contain libcurl.dll I was reading thoroughly this document http://curl.haxx.se/docs/sslcerts.html However, it starts to be late and I have not figured out how I could make gdal_translate to use my own certificate file that I now have in PEM format, or alternatively make it just to trust that our server is our server because I say so. Is there some hidden configuration option for this? -Jukka Rahkonen- _______________________________________________ gdal-dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/gdal-dev
