
Arcanist with self-signed SSL certificate

Asked by rubikonx9 on Nov 23 2015, 10:38 AM.


I have set up a fresh Phabricator install on an Apache server.
I have successfully configured the virtual server to use SSL with a self-signed certificate on address, on port 4433.
I have imported the certificate to the browser. Icon goes green.
So far, so good.

Now, locally, on a Linux box (up-to-date Arch Linux as a virtual machine), I have installed Arcanist.
I created an .arcconfig file with "phabricator.uri": "" entry.

arc diff yielded:


You are trying to connect to a server ( that you do not have any credentials stored for.

To retrieve and store credentials for this server, run this command:

$ arc install-certificate


arc install-certificate
Trying to connect to server...
Usage Exception: Failed to connect to server ( [cURL/60] ( <CURLE_SSL_CACERT> There was an error verifying the SSL Certificate Authority while negotiating the SSL connection. This usually indicates that you are using a self-signed certificate but have not added your CA to the CA bundle. See instructions in "libphutil/resources/ssl/README".

Ok. Some hours later, after reading quite a lot about SSL certs, I managed to import the certificate to the OS with sudo update-ca-trust extract (as in here).

I verified it in two ways:

  1. $ curl -vvI, among other things it yielded SSL certificate verify ok.
  2. $ openssl s_client -showcerts -connect, it returned Verify return code: 0 (ok).

So I re-ran arc install-certificate, and found that its behaviour remained unchanged (There was an error verifying the SSL Certificate Authority while negotiating the SSL connection error).

I also tried modifying php.ini by setting curl.cainfo, but to no avail.

In the end, I used "https.blindly-trust-domains": [ "" ], and it works, but anyway - what makes arc not recognize the certs like other tools? Or, what am I doing wrong?

Thanks in advance.
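
Added example, not part of the original question and not Arcanist or libphutil code: the error quoted above attributes the failure to the CA bundle the client consults, so this sketch verifies one constructed self-signed certificate against two separate bundles, before and after the certificate is appended to the second. The host names and file names are assumptions made up for the demonstration, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: all host names and file names below are constructed.

# make_self_signed CN PREFIX: write PREFIX.key and PREFIX.pem (self-signed).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1
}

# trusted_by BUNDLE CERT: print "ok" if CERT verifies against BUNDLE, else "fail".
# Matches openssl's ": OK" result line rather than relying on the exit status alone.
trusted_by() {
  if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo ok
  else
    echo fail
  fi
}

# demo: print three results separated by spaces:
#   1. server cert against a bundle that already contains it
#   2. server cert against a second bundle that does not contain it
#   3. the same second bundle after the cert has been appended
demo() {
  dir=$(mktemp -d) || return 1
  make_self_signed phab.example.test "$dir/server" || return 1
  make_self_signed unrelated-root.example.test "$dir/other" || return 1

  cp "$dir/server.pem" "$dir/bundle-a.pem"   # stands in for the OS store after import
  cp "$dir/other.pem"  "$dir/bundle-b.pem"   # stands in for a bundle a client ships

  a=$(trusted_by "$dir/bundle-a.pem" "$dir/server.pem")
  b_before=$(trusted_by "$dir/bundle-b.pem" "$dir/server.pem")
  cat "$dir/server.pem" >> "$dir/bundle-b.pem"
  b_after=$(trusted_by "$dir/bundle-b.pem" "$dir/server.pem")

  rm -rf "$dir"
  echo "$a $b_before $b_after"
}

demo
```

To run the same comparison against a real deployment, pass trusted_by the bundle file a given client is configured to read and the server's certificate.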
