Thread:Extension talk:OpenID/https:// OpenID provider

On many MediaWiki sites with this extension, if you login create an account using OpenID, you can simply specify you OpenID provider and type your OpenID username but it only works as long as the URL prefix is http not https. --MyrtonosTry liquid theads 11:41, 14 February 2011 (UTC)


 * As far as I have checked it, it works with https:// if the provider (check with https://pip.verisignlabs.com ) has a correct certificate.
 * i) If the provider server does not have a certificate which is regarded as valid, then the consumer wiki server, i.e. the wiki where you have this extensions installed, throws an internal error during the "curl" action when negotiating with the OpenID server like saying that "ERROR: Certificate verification error for www.domain.com: self signed certificate ERROR: certificate common name `88.888.888.888' doesn't match requested host name `www.domain.com'. To connect to www.domain.com insecurely, use `--no-check-certificate'. Unable to establish SSL connection." or the like. You will see this or another error in /etc/apache2/error.log, or try on the commandline wget or curl  and see the error messages. Thus you cannot use a signed-by-your-own certificate on self-made ssl OpenID server. Curl and wget have an option "--no-check-certificate" but this changes the ERROR into an WARNING.
 * Other reasons: ii) if your consumer wiki is in an intranet, a proxy server may prohibit a proxy connection to the OpenID provider; iii) check your firewall settings.
 * Please check the OpenID extension for example with an OpenID which you created on verisignlabs, perhaps this works then.--Wikinaut 13:45, 14 February 2011 (UTC)
 * Does MyOpenID have a correct certificate, that was the provider I was thinking of. --MyrtonosTry liquid theads 07:12, 15 February 2011 (UTC)
 * Yes, I think so. It is issued by Equifax Secure Inc.. --Wikinaut 20:40, 16 February 2011 (UTC)