Unable to connect to WordPress due to self-signed certificate in cert chain

  • And some more detail… Modified the JETPACK__API_BASE URI from https:// to http://. In my browser, I then changed the URI from http:// to https:// manually, and then using my browser’s connection information, exported the certificate chain to a p7b. From there, I imported that cert chain to my server. I then set the JETPACK__API_BASE URI back to the default https://. Now I can get through to the point where it asks me to authorize JetPack against my WP account. When I click authorize, I’m passed back to my Control Panel but have this error and no JetPack-enabled features:

    Jetpack could not contact WordPress.com: token_http_request_failed. This usually means something is incorrectly configured on your web host.

    SSL certificate problem: self signed certificate in certificate chain

  • The values in debug for CLIENT_ID, BLOG_TOKEN, and PUBLIC now have a value. The USER_TOKEN says “[this user has no token]”.

  • If I change the JETPACK__API_BASE value from https to http, then I can get through the entire process (although IE throws mixed content warnings back on my WP control panel when viewing JetPack features). I’d really rather not leave it this way, and for now have disconnected from WP.

    This does appear to be a certificate trust issue with what root certificates Windows Server 2012 trusts, but it would be nice to get better information from those who control the *.wordpress.com SSL certificate. If they could provide the exact certificates that need to be imported to fully trust the WordPress wildcard certificate, that would be really helpful.

  • For another test I built a Server 2012 VM on my home machine (not hosted on Windows Azure) and repeated the installation steps. Same result with the untrusted certificate.

    It would really be nice to resolve this as I can’t move my blog over without the features of JetPack.

  • And one last try, I built a 2008 R2 VM running IIS7, PHP 5.3.19 and WinCache 1.3 with WordPress 3.5… same issue per Network Monitor. So it doesn’t appear to be limited to IIS8/Server 2012 hosts. From everything I can see, it appears to be an issue with the certificate chain for *.wordpress.com.

  • Any thoughts before I give up? I can connect successfully if I change from https:// to http://jetpack.wordpress.com in jetpack.php. My certificate does check out. After connecting, I’m able to change it back to https://, but I don’t know if I’m going to miss out on any functionality. After making this change, the JetPack Debug page can still connect to my blog, but the JetPack Compatibility Test Plugin still reports that there is a self signed certificate in the cert chain connecting to jetpack.wordpress.com.

    The only thing I can figure is that *.wordpress.com is sending an unnecessary root certificate (validated here: https://sslcheck.globalsign.com/en_US/sslcheck?host=jetpack.wordpress.com). This does seem to be the certificate that the NetMon trace breaks on.
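
The error string quoted in this thread is OpenSSL verify error 19: the presented chain ends in a self-signed root that the client's trust store does not contain. The script below is an added example, not part of the original thread or of Jetpack. It builds a throwaway root and leaf, then verifies the leaf three ways to show which inputs change the result. All names are constructed, and it assumes the `openssl` CLI with its default configuration file.

```shell
#!/bin/sh
# Added example. All keys and certificates are constructed locally and are throwaway.

make_demo_pki() {  # $1 = scratch directory
  # Root that signs the leaf; the client may or may not trust it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
  # Unrelated root: stands in for a trust store that lacks Demo Root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated Root CA" \
    -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null || return 1
  # Server (leaf) certificate issued by Demo Root CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=api.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null || return 1
}

# Prints the X.509 verify error number, or 0 when the chain validates.
# $1 = trusted roots, $2 = extra certs the server presented, $3 = leaf
verify_code() {
  if vc_out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1); then
    echo 0
  else
    printf '%s\n' "$vc_out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

demo_codes() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  a=$(verify_code "$d/other.pem" "$d/root.pem" "$d/leaf.pem")  # root sent, not trusted
  b=$(verify_code "$d/other.pem" "$d/leaf.pem" "$d/leaf.pem")  # root not sent, not trusted
  c=$(verify_code "$d/root.pem"  "$d/root.pem" "$d/leaf.pem")  # root sent and trusted
  rm -rf "$d"
  echo "$a $b $c"
}

demo_codes   # expected: 19 20 0
```

Error 20 is "unable to get local issuer certificate". In this constructed setup, whether the root is sent only changes which error number is reported; the chain validates once the root is in the file passed as `-CAfile`.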

  • Hi again,

    I’m so sorry for the very long delay – I’m not sure why I wasn’t alerted to your responses above. I’ve resubscribed to the thread…

    Anyway, since it looks like you’re still having the issue and it seems unlikely that it resolved on its own, could you run the compatibility plugin and see what happens?

    Cheers!

  • The topic ‘Unable to connect to WordPress due to self-signed certificate in cert chain’ is closed to new replies.