WordPress.org

Ready to get started?Download WordPress

Forums

SAML 2.0 Single Sign-On
cannot get CSR from parameter 1 (4 posts)

  1. tavdijkhuizen
    Member
    Posted 1 year ago #

    I can't seem to get the certificates in place.
    the 1.cer and 1.key file in the wp-content/uploads... folder are empty

    In the error.log i get:

    [Thu Jun 20 09:33:42 2013] [error] PHP Warning:  openssl_csr_sign() [<a href='function.openssl-csr-sign'>function.openssl-csr-sign</a>]: cannot get CSR from parameter 1 in /htdocs/dd18.nl/www/wp-content/plugins/saml-20-single-sign-on/lib/controllers/sso_sp.php on line 21
    [Thu Jun 20 09:33:42 2013] [error] PHP Warning:  openssl_pkey_export() [<a href='function.openssl-pkey-export'>function.openssl-pkey-export</a>]: cannot get key from parameter 1 in /htdocs/dd18.nl/www/wp-content/plugins/saml-20-single-sign-on/lib/controllers/sso_sp.php on line 26
    [Thu Jun 20 09:33:42 2013] [error] PHP Warning:  openssl_x509_export() [<a href='function.openssl-x509-export'>function.openssl-x509-export</a>]: cannot get cert from parameter 1 in /htdocs/dd18.nl/www/wp-content/plugins/saml-20-single-sign-on/lib/controllers/sso_sp.php on line 27

    http://wordpress.org/extend/plugins/saml-20-single-sign-on/

  2. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    This is most likely an error in PHP's ability to find your openssl.cnf file, which is required to use the openssl_csr_sign function. According to the PHP documentation (slightly edited for a *nix environment):

    PHP will search for the openssl.cnf using the following logic:

    • the OPENSSL_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
    • the SSLEAY_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
    • The file openssl.cnf will be assumed to be found in the default certificate area, as configured at the time that the openssl DLL was compiled. This is usually means that the default filename is /usr/local/ssl/openssl.cnf.

    So I would make sure you have an openssl.cnf file in a location that PHP expects to find it. Unfortunately, you'd have to run strace on your PHP process to definitively know know where it's looking.

    The alternative to that entire mess would be to generate the certificate and upload it yourself. This is a pretty straightforward tutorial for doing that: http://www.akadia.com/services/ssh_test_certificate.html. You can use the form in the admin portal or copy them to the uploads folder directly.

  3. capercrank
    Member
    Posted 1 year ago #

    You could eliminate the whole OpenSSL requirement by using phpseclib to generate CSR's. eg.

    http://phpseclib.sourceforge.net/x509/examples.html#csr

  4. ktbartholomew
    Member
    Plugin Author

    Posted 1 year ago #

    I had actually never seen that library before I started researching for this topic. It looks like a good library, and would definitely make the plugin more portable. I'll probably include it in a future update.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.