I have set up a fresh Phabricator install on Apache server.
I have successfully configured the virtual server to use SSL with self-signed certificate on address //some.host//, on port //4433//.
I have imported the certificate to the browser. Icon goes green.
So far, so good.
Now, locally, on a linux box (up-to-date Arch linux as virtual machine), I have installed //arcanist//.
I created an //.arcconfig// file with `"phabricator.uri": "https://some.host:4433"` entry.
`arc diff` yielded:
> Usage Exception: YOU NEED TO AUTHENTICATE TO CONTINUE
>
> You are trying to connect to a server (some.host) that you do not have any credentials stored for.
>
> To retrieve and store credentials for this server, run this command:
>
> $ arc install-certificate
Ok.
> `arc install-certificate`
> Trying to connect to server...
> Usage Exception: Failed to connect to server (https://some.host:4433/api/): [cURL/60] (https://some.host:4433/api/conduit.ping) <CURLE_SSL_CACERT> There was an error verifying the SSL Certificate Authority while negotiating the SSL connection. This usually indicates that you are using a self-signed certificate but have not added your CA to the CA bundle. See instructions in "libphutil/resources/ssl/README".
Ok. Some hours later, after reading quite a lot about SSL certs, I managed to import the certificate to OS with `sudo update-ca-trust extract` (as in [[ https://www.archlinux.org/news/ca-certificates-update/ | here ]]).
I verified it in two ways:
1. `$ curl -vvI https://some.host:4433`, among other things it yielded `SSL certificate verify ok.`
2. `$ openssl s_client -showcerts -connect some.host:4433`, it returned `Verify return code: 0 (ok)`.
So I re-run `arc install-certificate`, and found that it's behaviour remained unchanged (//There was an error verifying the SSL Certificate Authority while negotiating the SSL connection// error).
I also tried modifying `php.ini` by setting `curl.cainfo`, but to no avail.
In the end, I used `"https.blindly-trust-domains": [ "some.host" ]`, and it works, but anyway - what makes `arc` not recognize the certs like other tools? Or, what am I doing wrong?
Thanks in advance.