The problem is this:
We run a page that sends curl request to a remote https server. This failed since we moved the account to a new centos7 server.
It seems on centos7 /etc/pki/tls/certs/ca-bundle.crt is linked to /etc/pki/ca-trust/extracted/openssl/ca-bundle.crt which is not available to cagefs users.
We tried to add /etc/pki to /etc/cagefs/cagefs.mp and run cagefsctl --remount-all
but this doesn't help while /etc/pki/ca-trust is still not available to cagefs users.
We also tried to delete the /etc/pki/tls/certs/ca-bundle.crt link and put there a real file, however to cagefs users it's still being shown as a link.
finnaly we solved it with moving the bundle to the account directory and setting curl.cainfo="ca-bundle.crt" in it's php.ini.
However we want to solve this server wide.
Please advise.
We run a page that sends curl request to a remote https server. This failed since we moved the account to a new centos7 server.
It seems on centos7 /etc/pki/tls/certs/ca-bundle.crt is linked to /etc/pki/ca-trust/extracted/openssl/ca-bundle.crt which is not available to cagefs users.
We tried to add /etc/pki to /etc/cagefs/cagefs.mp and run cagefsctl --remount-all
but this doesn't help while /etc/pki/ca-trust is still not available to cagefs users.
We also tried to delete the /etc/pki/tls/certs/ca-bundle.crt link and put there a real file, however to cagefs users it's still being shown as a link.
finnaly we solved it with moving the bundle to the account directory and setting curl.cainfo="ca-bundle.crt" in it's php.ini.
However we want to solve this server wide.
Please advise.