Self signed ssl problems


#1

Hi i recently installed piwik 2 on an nginx/php-fpm config and had some trouble with self signed ssl.

i’m trying to unify the problems and different solutions i found on this thread

[ol]
[li] Piwik not traking / client ssl verification failure. to solve this you have to serve the traking files from a non-ssl domain.
[/li]see thread: 301 Moved Permanently
[li] the archive.php uses cURL and the ssl key verification will also fail.
[/li]i found the solution here: http://stackoverflow.com/questions/13180083/where-to-put-certificates-cacert-pem-for-curl
Basicaly: you need to add your self signed certificate to your sistem located in /usr/share/ca-certs,
edit /etc/ca-certificates.conf adding a new line with your certificate relative path and name
finaly run: update-ca-certificates as root to update your certs.
[/ol]

this are simple walkarounds. in a long term i suggest other solutions:
[ol]
[li] For the first problem and making it easier to separate in a webserver enviroment, even to increase the security, add some kind of seccond public_html folder where piwik is, and a second paralel public_html2 folder where the tracker software is. so you as user and admin acces on domain1 -> public_html and the js/piwik.php etc will be serverd from domain2->public_html2
[/li][li] For the seccond problem, since i also had some problems with my php-fpm (swegfaults etc, i will discus thos on another thread), please Don’t use cURL use php-cli direcly, a direct php-cli script that does the archiving proces.
[/li][/ol]