Amazon S3 error 60 SSL certificate even with curl.cainfo configured and working on simple example.

[aluneau]

Steps to reproduce

1. Administration
   2.Storage
   3.Add amazon S3 storage

Expected behaviour

Connection happens successfully.

Actual behaviour

Error 60 curl certificate not trusted.

Server configuration

Operating system: Centos 7

Web server: Apache2

Database: SQLite

**PHP version:**7.2

ownCloud version: (see ownCloud admin page)10.0.8

Updated from an older ownCloud or fresh install: fresh install

Where did you install ownCloud from: https://download.owncloud.org/

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/...
Amazon S3
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

**Browser:**Chrome 67

Operating system: Windows

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

[ownclouders]

GitMate.io thinks possibly related issues are #18183 (config amazon s3 error), #28840 (-Error-), #26902 (error), #23634 (Federation - cURL and SSL error), and #6724 (Amazon S3 does not work).

[DeepDiver1975]

10.0.9 will update the ca bundle - this shall fix this from my pov.

You can manually drop in the ca for testing purpose: #31734

[aluneau]

I don't think it will fix the problem for me because I use a self signed certificate.
I try to :

• put 'enable_certificate_management' => true,' and upload the certificate from the interface (my certificate is working i tested it with curl and curl in php)
• append my certificate at the end of: sources/config/ca-bundle.crt
• put my certificate in ca.info in my php.ini

All of that results always in the same error: 60: Peer's certificate issuer has been marked as not trusted by the user.

I don't know what I can do...

[DeepDiver1975]

I don't think it will fix the problem for me because I use a self signed certificate.

Ah - you are NOT trying to connect to Amazon S3?

put 'enable_certificate_management' => true,' and upload the certificate from the interface (my certificate is working i tested it with curl and curl in php)

this should work then ..

[aluneau]

It's a amazon S3 protocol but not a real Amazon S3.

I verified that my certificate was in data/external_files/upload and it was. The format is a .pem and it is working correctly in curl (php/command line)

Is it normal that the certificate disapear from the administration console ?

[DeepDiver1975]

I consider this not a bug - in order to find help: can I ask you to head over to https://central.owncloud.org/

There are a lot of users and some of them might already been facing this issue.

[DeepDiver1975]

see search: https://central.owncloud.org/search?q=ssl%2060

[DeepDiver1975]

sounds like exactly your scenario - https://central.owncloud.org/t/theres-no-button-to-create-an-external-storage/4268

[DeepDiver1975]

let's reopen this in case there is no solution in central.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.