Allow the use of ADS Base Maps served by HTTPS

Owned by Kim Stimpson
Last updated: 20 Dec, 2022 by Gavin Kelly
3 min read

Overview

If you find that the Studio Map Viewer is not showing your ADS Base Mapping, or if base map requests using a Base Map Source that acts as a WMS client for ADS, then it is probably because you are connecting to your ADS Base Maps using HTTPS and the certificate path is not understood by MapServer. In order to fix this, all that normally needs to be done is to ensure that MapServer has access to the latest root certificate bundle supplied with Curl.

Ensure that you are using V6.4 of MapServer as this should have a more up-to-date version of curl.exe which you will need for TLS protocols.

Step-by-step guide

Step 1 - Update OpenSSL

Ensure you have the latest version of OpenSSL installed from https://slproweb.com/products/Win32OpenSSL.html.

If you are using Mapserver to pass through a third-party URL, such as the aerial photos supplied by APGB, then you will need to add the site’s certificates using this command and then add the output to curl-ca-bundle.crt

Run this command to get the cert.

openssl s_client -showcerts -connect ogc.apps.midgard.airbusds-cint.com:443 > temp.crt

Step 2 - Update Curl

Ensure you have the latest version of Curl downloaded from https://curl.haxx.se/windows/. This will supply Curl in a zip file. From there copy the contents of the bin folder to somewhere sensible, like C:\Curl. This may come in useful in future if you need to troubleshoot connections manually. From this folder copy the file curl-ca-bundle.crt to a location that MapServer can read from, e.g. D:\MapServer\shared\certs\. This step should be repeated every time Curl is updated.

Step 3 - Update Environment Variables

In order to make sure that MapServer knows where the certificate is we need to add an Environment Variable called CURL_CA_BUNDLE with a value of the certificate path e.g. D:\MapServer\shared\certs\curl-ca-bundle.crt.

  • Find the Advanced System Settings 

  • Click on the Environment Variables... button.

  • Scroll through the list of System variables and if you cannot see one for CURL_CA_BUNDLE then click the New... button.

If the CURL_CA_BUNDLE already exists then check that the Value is pointing to the correct folder for your copied crt file i.e. D:\MapServer\shared\certs\curl-ca-bundle.crt

  • Enter CURL_CA_BUNDLE as the Variable name and the path to your copied crt file as the Variable value e.g. D:\MapServer\shared\certs\curl-ca-bundle.crt

  • Click OK to add new Variable, click OK again to close the Environment Variables dialog and OK again to close System Properties.

Step 4 - Set the Load User Profile setting for the MapServer application pool to True

  • Open IIS and click on the Application Pools node.

  • Find the MapServer entry and click on the Advanced Settings... under the Actions panel.

  • Find the Load User Profile entry under the Process Model sub heading and set the value to True

  • Click OK to update the setting.

If you had to change this setting you will need to Stop and Start the MapServer Application Pool to use the new value.

  • Select the MapServer Application Pool and then click Stop under the Actions panel.

  • When the Status has changed to Stopped then click Start under the Actions panel.