Hi John as far as I understand, you only added server CA in qgis auth configuration, and it's not enough to be authenticated by a fully SSL featured server, you need a client certificate identity that could be authorized by the server. Some identity that the server can trust. You have to add an identity certificate as in the guide: https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html#authentication-methods.
You only added a server CA that is useful in case you need to have a client side certification of the server to avoid Man-In-the-Middle attacks. BTW, with your server you don't need to be authenticated as you can see in the attached link. Just add a WMS service! https://dl.dropboxusercontent.com/u/12837459/Screenshot%20from%202017-01-03%2023-05-00.png Luigi Pirelli ************************************************************************************************** * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com * LinkedIn: https://www.linkedin.com/in/luigipirelli * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli * GitHub: https://github.com/luipir * Mastering QGIS 2nd Edition: * https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition ************************************************************************************************** On 3 January 2017 at 18:42, John Cartwright <[email protected]> wrote: > Thanks for your reply Luigi! To be clear, the WMS service that I’m trying > to connect to does not require a username/password but is only available via > https. The server (https://maps.ngdc.noaa.gov) has a valid CA certificate. > I tried adding a SSL Server Configuration (preferences -> authentication -> > Manage Certificates -> Server) and while the entry appears to be valid, I > still get the SSL Handshake error when trying add a WMS layer. > > Any further ideas? Here’s the actual URL I’m trying to add: > > https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS > > Thanks again for your help! > > —john > > > On Jan 2, 2017, at 1:52 AM, Luigi Pirelli <[email protected]> wrote: > > Hi John > > SSL is managed storing credentials using the QGIS Authentication > Manager that store credentials in the same way as Firefox, in a master > pwd crypted store in your $home/.qgis2/qgis-auth.db. > You should managed credentials using Settings->options->authentication. > > QGIS uses OpenSSL => and specifically can import different king of > credential method (using plugins => can be expanded). De default auth > method installed are listed in the documentation: > https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html > > what is you auth method? can you explain the workflow you followed to > store and use your credentials? > > regards > Luigi Pirelli > > ************************************************************************************************** > * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com > * LinkedIn: https://www.linkedin.com/in/luigipirelli > * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli > * GitHub: https://github.com/luipir > * Mastering QGIS 2nd Edition: > * > https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition > ************************************************************************************************** > > > On 29 December 2016 at 22:38, John Cartwright > <[email protected]> wrote: > > Hello All, > > I’m trying to use a WMS service over https and get the following error when > trying to connect: > > Failed to download capabilities: > Download of capabilities failed: SSL handshake failed > > The URL works fine in a browser though. I’m guessing that QGIS and the > server are not able to agree on a cipher suite. Can anyone tell me what > ciphers QGIS supports or any way to get more insight into the underlying > problem? > > QGIS is version 2.18.2. > > Thanks! > > —john > > _______________________________________________ > Qgis-user mailing list > [email protected] > List info: http://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user > > _______________________________________________ Qgis-user mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
