Debian OpenSSL zscaler issue php


I'm stuck at my Debian configuration. The problem is as follows:

The internet connection is handled by a zScaler proxy server, performing TLS/SSL inspection. However, this causes applications to break.

I believed I narrowed it down to an SSL issue, because from command-line testing (e.g. curl, wget or openssl itself) I receive:

Verify return code: 20 (unable to get local issuer certificate)

Now, when I test with e.g. openssl and use the -CAfile parameter, it works:

sudo openssl s_client -CAfile /etc/ssl/certs/zScalerRootCA.crt -connect kimai.org:443 -proxy zscalerIP:port

The outcome is:

Verify return code: 0 (ok)

Meaning that when I point it directly to the certificate it works. However, the application I use (Symfony PHP) is using the get_file_contents() function. This, however, times out. And I'm pretty sure it has to do with the same issue.

I've tried 100 things and I'm lost now. I just can't get it to work.

  • Why do I have to tell openssl from the command line to use that certificate (while it's in the certificate store)?
  • How do I get e.g. get_file_contents() to work? (I want it to use the system environment and not hardcode it into the application)

I'm happy to share any config, no problem!
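An added diagnostic, not part of the original question: it checks whether a CA certificate is discoverable through OpenSSL's default lookup (a subject-hash entry in the certificate directory, or an entry in the PEM bundle) rather than merely present as a file. The function names are hypothetical, and the defaults assume Debian's /etc/ssl/certs and /etc/ssl/certs/ca-certificates.crt.

```shell
#!/bin/sh
# Added example (not from the original post). OpenSSL finds a CA in a CApath
# directory by a <subject-hash>.<n> file name, so a .crt that was only copied
# into /etc/ssl/certs stays invisible until a hash link or bundle entry exists.

# ca_in_capath CERT DIR: 0 if DIR holds a <subject-hash>.<n> entry for CERT,
# 1 if not, 2 if CERT cannot be parsed.
ca_in_capath() (
    h=$(openssl x509 -in "$1" -noout -subject_hash) || exit 2
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || exit 2
    for f in "$2/$h".*; do
        [ -e "$f" ] || continue          # glob matched nothing
        other=$(openssl x509 -in "$f" -noout -fingerprint -sha256 2>/dev/null) || continue
        [ "$other" = "$fp" ] && exit 0   # same hash and same certificate
    done
    exit 1
)

# ca_in_bundle CERT BUNDLE: 0 if CERT's base64 body occurs in the PEM BUNDLE.
ca_in_bundle() (
    [ -r "$2" ] || exit 2
    body=$(openssl x509 -in "$1" -outform PEM | grep -v '^-----' | tr -d '\r\n')
    [ -n "$body" ] || exit 2
    tr -d '\r\n' < "$2" | grep -qF -- "$body"
)

# check_ca CERT [DIR] [BUNDLE]: report both lookups. Defaults are Debian's
# standard locations (assumed, adjust for other systems).
check_ca() (
    dir=${2:-/etc/ssl/certs}
    bundle=${3:-$dir/ca-certificates.crt}
    if ca_in_capath "$1" "$dir"; then
        echo "capath: hash entry present"
    else
        echo "capath: no hash entry for this certificate"
    fi
    if ca_in_bundle "$1" "$bundle"; then
        echo "bundle: present"
    else
        echo "bundle: missing"
    fi
)

# Usage, with the certificate path from the post:
#   check_ca /etc/ssl/certs/zScalerRootCA.crt
```

If both lookups report the certificate as missing, the usual Debian procedure is to place the .crt under /usr/local/share/ca-certificates/ and run update-ca-certificates, which creates the hash link and rebuilds the bundle. `php -r 'print_r(openssl_get_cert_locations());'` shows which file and directory PHP's OpenSSL extension consults by default.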
