# Can not access any HTTPS sites.



## beamar (Sep 30, 2013)

Hello,

I'm still a little green with FreeBSD. I have a PHP script I am trying to use with an API. When the script tried to access the API site, it fails. After a little testing, I have come to the conclusion that I can't seem to access any HTTPS sites. I have even tried to load them in Webmin through the HTTP tunnel and it also fails. I don't believe I have any firewalls on, and I'm not sure where to start. Does it have something to do with OpenSSL? I tried messing with that and had no luck. I am not hosting a HTTPS site, just trying to access one that is not local. Any ideas on where to start?

Thanks,
Brian


----------



## ShelLuser (Sep 30, 2013)

There are two important factors to keep in mind here: https support within PHP and the option to actually access https enabled websites (port 443) using your server.

The latter can be easily checked by installing something like www/lynx (my favourite) or www/links. Both are console, text-only, browsers and both will support https. When you installed either of them you can simply check if this is usable at all by using something like: `lynx [url=https://google.com]https://google.com[/url]`.

The next part is making sure that PHP supports https which is a different issue. I have no idea here since I don't use PHP myself (at least as little as possible ) but this might be a good read.

I could imagine that for the first example you'd need something like ftp/php5-curl (I'm using php5, but you might need another version depending on your system).

Hope this can give you some ideas.


----------



## beamar (Sep 30, 2013)

I posted more info than I should have. The problem is related to SSL, not scripting.

@ShelLuster, I tried what you suggested, and this is the error I received:


```
SSL error:unable to get local issuer certificate-Continue? (y)
```


----------



## ShelLuser (Oct 1, 2013)

beamar said:
			
		

> @ShelLuster, I tried what you suggested, and this is the error I received:
> 
> ```
> SSL error:unable to get local issuer certificate-Continue? (y)
> ```


What exactly did you try?

Note that I gave two suggestions in my previous message. Since this error doesn't look familiar to me I'll have to ask to be a little more specific.


----------



## beamar (Oct 1, 2013)

ShelLuser said:
			
		

> What exactly did you try?
> 
> Note that I gave two suggestions in my previous message. Since this error doesn't look familiar to me I'll have to ask to be a little more specific.




`lynx [url=https://google.com]https://google.com[/url]`


The error I posted earlier is from the above command.


Pretty sure it has something to do with my SSL certificates. I didn't want to waste a ton of time on it, so I just threw it on a Windows IIS server and it worked out of the box. :\

Thanks for your help,
Brian


----------



## ShelLuser (Oct 2, 2013)

Either SSL certificates or the browser itself (when using HTTPS lynx uses OpenSSL for support. If it can't find any root certificates then this can happen).

Even so; the fact that it gives you this warning shows us that this isn't a firewall or routing issue of some sort; lynx was able to utilize port 443 (HTTPS).

My guess at this time: your system doesn't have security/ca_root_nss installed. This is a collection of the CA root certificates which are also used in the Mozilla NSS library. And those root certificates will be required by any software which tries to set up an encrypted (HTTPS) connection.

Hope this can help.


----------



## cuq (Oct 4, 2013)

May be you have not installed the OpenSSL extension in lang/php53-extensions.


----------

