mirror of
https://we.phorge.it/source/arcanist.git
synced 2024-12-01 19:22:41 +01:00
46 lines
1.7 KiB
Text
46 lines
1.7 KiB
Text
|
This document describes how to set Certificate Authority information.
|
||
|
Usually, you need to do this only if you're using a self-signed certificate.
|
||
|
|
||
|
|
||
|
OSX after Yosemite
|
||
|
==================
|
||
|
|
||
|
If you're using a version of Mac OSX after Yosemite, you can not configure
|
||
|
certificates from the command line. All libphutil and arcanist options
|
||
|
related to CA configuration are ignored.
|
||
|
|
||
|
Instead, you need to add them to the system keychain. The easiest way to do this
|
||
|
is to visit the site in Safari and choose to permanently accept the certificate.
|
||
|
|
||
|
You can also use `security add-trusted-cert` from the command line.
|
||
|
|
||
|
|
||
|
All Other Systems
|
||
|
=================
|
||
|
|
||
|
If "curl.cainfo" is not set (or you are using PHP older than 5.3.7, where the
|
||
|
option was introduced), libphutil uses the "default.pem" certificate authority
|
||
|
bundle when making HTTPS requests with cURL. This bundle is extracted from
|
||
|
Mozilla's certificates by cURL:
|
||
|
|
||
|
http://curl.haxx.se/docs/caextract.html
|
||
|
|
||
|
If you want to use a different CA bundle (for example, because you use
|
||
|
self-signed certificates), set "curl.cainfo" if you're using PHP 5.3.7 or newer,
|
||
|
or create a file (or symlink) in this directory named "custom.pem".
|
||
|
|
||
|
If "custom.pem" is present, that file will be used instead of "default.pem".
|
||
|
|
||
|
If you receive errors using your "custom.pem" file, you can test it directly
|
||
|
with `curl` by running a command like this:
|
||
|
|
||
|
curl -v --cacert path/to/your/custom.pem https://phabricator.example.com/
|
||
|
|
||
|
Replace "path/to/your/custom.pem" with the path to your "custom.pem" file,
|
||
|
and replace "https://phabricator.example.com" with the real URL of your
|
||
|
Phabricator install.
|
||
|
|
||
|
The initial lines of output from `curl` should give you information about the
|
||
|
SSL handshake and certificate verification, which may be helpful in resolving
|
||
|
the issue.
|