Add GeoJSON from a https URL on Windows fails due to a SSL certificate problem

[qgib]

Author Name: David Piles (David Piles)
Original Redmine Issue: 17947
Affected QGIS version: 3.4.4
Redmine category:data_provider

---

Trying to add a Geojson in QGIS Desktop from a url from the dialog add vector layer by protocol, gives error.
"Invalid data source https: // ......... .geojson is not a valid or recognized data source".
The same geojson, if I open it in local works, online gives that error.
It doesn't work with http, or with https.
If you copy the content of the geojson in the URI, it shows it to you.
It has not worked for me in the QGIS Desktop 2.18.14 and QGIS Desktop 2.18.16, windows versions.

---

• qgis.jpg (David Piles)

---

Related issue(s): #28717 (duplicates)
Redmine related issue(s): 20898

---

[qgib]

Author Name: David Piles (David Piles)

---

• assigned_to_id removed Luigi Pirelli

[qgib]

Author Name: Nyall Dawson (@nyalldawson)

---

Just a hunch - is this geojson from fulcrum?

Try this:

Inside QGIS, go to Options - System. Under "environment" add a new line, with

VARIABLE: GDAL_HTTP_USERAGENT
VALUE: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

ok out of options, restart qgis.

It'll work ok after that.

Seems like something at fulcrum is blocking the user agent used by gdal.

---

• status_id was changed from Open to Feedback

[qgib]

Author Name: Alessandro Pasotti (@elpaso)

---

• subject was changed from Ad GeoJSON from a URL to Add GeoJSON from a URL

[qgib]

Author Name: David Piles (David Piles)

---

Thx
As in the picture?
It doesn't work for me after restarting.

---

• 12097 was configured as qgis.jpg
• assigned_to_id was configured as Alessandro Pasotti

---

• qgis.jpg (David Piles) - Picture adding a new line under environment

[qgib]

Author Name: Alessandro Pasotti (@elpaso)

---

• assigned_to_id removed Alessandro Pasotti

[qgib]

Author Name: Richard Duivenvoorde (@rduivenvoorde)

---

You are not behind a proxy are you?

Can you provide the url you are testing? Or the json you receive when you download it in your browser?

As a test I just scribbled a line in http://geojson.io and save it on my homeserver: http://duif.net/test.json

That just works for me both in 2.18 and in master.

Can you check those (line around europe)

[qgib]

Author Name: David Piles (David Piles)

---

I'm not behind a proxi.
My GeoJSON is done through the menu "save as" QGIS, from a shp file.
Maybe there's the problem, the format in which QGIS mades and save geojsons.
Try this url: https://strageo.es/wp-content/uploads/datos/Testing_QGIS1.geojson
If you open directly in QGIS it works, but by the protocol method doesn't work.

[qgib]

Author Name: Richard Duivenvoorde (@rduivenvoorde)

---

Ok, confirmed here on a recent Windows osgeo4w64 build. In the message console it says:

2018-02-06T18:03:24	1	Data source is invalid (SSL certificate problem: unable to get local issuer certificate)

Seems the problem seems to be the httpS connection.
Will change the Subject

In Linux this works just fine.

To test on windows: http://duif.net/Testing_QGIS1.geojson works just fine.
https://duif.net/Testing_QGIS1.geojson does not load and shows error above

Tried to update to latest 2.18, but did not help.

Also tested current master/2.99 in same environment: Same problem!

QGIS version
2.99.0-Master
QGIS code revision
1a117cf
Compiled against Qt
5.9.2
Running against Qt
5.9.2
Compiled against GDAL/OGR
2.2.3
Running against GDAL/OGR
2.2.3
Compiled against GEOS
3.5.0-CAPI-1.9.0
Running against GEOS
3.5.0-CAPI-1.9.0 r4084
PostgreSQL Client Version
9.2.4
SpatiaLite Version
4.3.0
QWT Version
6.1.3
PROJ.4 Version
493
QScintilla2 Version
2.10.1
This copy of QGIS writes debugging output.

---

• subject was changed from Add GeoJSON from a URL to Add GeoJSON from a https URL on Windows fails due to a SSL certificate problem

[qgib]

Author Name: Richard Duivenvoorde (@rduivenvoorde)

---

Adding another observation:

Plain ogrinf generates the same error:

C:\osgeo4w64>ogrinfo https://duif.net/Testing_QGIS1.geojson
ERROR 1: SSL certificate problem: unable to get local issuer certificate
ERROR 1: SSL certificate problem: unable to get local issuer certificate
FAILURE:
Unable to open datasource `https://duif.net/Testing_QGIS1.geojson' with the following drivers.

[qgib]

Author Name: Tom Chadwin (@tomchadwin)

---

Does this help when trying ogrinfo:

--config GDAL_HTTP_UNSAFESSL YES

Source: https://toolkit.data.wa.gov.au/hc/en-gb/articles/115000819754

EDIT: A better source on gdal-dev, with input from Even is here:

https://lists.osgeo.org/pipermail/gdal-dev/2017-June/046714.html

[qgib]

Author Name: Luigi Pirelli (@luipir)

---

May you check a workaround in windows? In a win installation that expose the porblem, try to load the geojson in a Explorer (not other browser... only Explorer!)
Then try to load in QGIS as usual and verify if the error is still present.

The rational is that a CAPI enabled Browser, reciving a Unsercognised CA, try to ask to the M$ services to check if the CA is trustable, it M$ say yes, the CA is added in the CA lists.

let us know if this warkaround works... if so, we can follow with possibile solutions.

[qgib]

Author Name: Richard Duivenvoorde (@rduivenvoorde)

---

@tom Chadwin: yes that helped (for ogrinfo)...

[qgib]

Author Name: Richard Duivenvoorde (@rduivenvoorde)

---

@luigi tried your test also here (by the way I'm on a recent new/updtodate WIN10 VM here, not a fully registred Windows install).

Loaded the https url succesfully in Explorer... that made my (by accident) already running QGIS 2.18 crash instantanious?! :(
So? apparently something was happening?

But restarting QGIS it still gives the error, and also the master version of QGIS.
Also tried with a clean .qgis2 dir, and by adding the url to Microsoft Edge (as that is their favorite isn't it?).
But all did not help...

Not that the duif.net cert is a Letsencrytp certificate, while the https url from the original issuer (https://strageo.es/wp-content/uploads/datos/Testing_QGIS1.geojson) is a Digicert certificate. Both failing (in my and his environment).

[qgib]

Author Name: Geoffrey Baum (@geofbaum)

---

Nyall Dawson wrote:

Just a hunch - is this geojson from fulcrum?

Try this:

Inside QGIS, go to Options - System. Under "environment" add a new line, with

VARIABLE: GDAL_HTTP_USERAGENT
VALUE: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

ok out of options, restart qgis.

It'll work ok after that.

Seems like something at fulcrum is blocking the user agent used by gdal.

A Fulcrum GeoJSON opens for me in QGIS 2.18.7 but not within QGIS 3.0, pretty much any QGIS after 2.18.8 I believe from other discussions I've seen online. Also your advice does not seem to work in any other versions if added to the Environment variables.

[qgib]

Author Name: joe larson (@oeon)

---

I wanted to checkin here to see if there's any update to this issue or advice on how we might be able to overcome this (disclaimer, I work on the Fulcrum product). This is currently still an issue with Windows 2.x LTR and 3.x, but if you go back to 2.16.3-1 it is functional. In my testing, none of the suggestions mentioned in this thread help in getting these data sources to be recognized.

[qgib]

Author Name: Calvin Metcalf (Calvin Metcalf)

---

I'm seeing this for google URLs too, it was a fresh install of QGIS and trying to load some geojson from a url got the SSL certificate problem: unable to get local issuer certificate error

[qgib]

Author Name: Giovanni Manghi (@gioman)

---

Calvin Metcalf wrote:

I'm seeing this for google URLs too, it was a fresh install of QGIS and trying to load some geojson from a url got the SSL certificate problem: unable to get local issuer certificate error

what qgis version? what os and version?

[qgib]

Author Name: Giovanni Manghi (@gioman)

---

• duplicated was configured as Geojson Protocol in QGIS 3.4.3  #28717

[qgib]

Author Name: Jürgen Fischer (@jef-n)

---

Please test with QGIS 3.4 - QGIS 2.18 reached it's end of life.

[qgib]

Author Name: joe larson (@oeon)

---

I am still experiencing the same behavior in my test with 3.4.4 on Windows 10 and have updated the 'Affected QGIS version' of this ticket. Noted, I am testing in a virtualized environment (Parallels via a Mac host OS). It would be nice if someone else can also test.

---

• version was changed from 2.18.16 to 3.4.4

[qgib]

Author Name: Nyall Dawson (@nyalldawson)

---

Joe - are you connecting to fulcrum? Because they also block the QGIS user agent from direct access (no idea why).

[qgib]

Author Name: joe larson (@oeon)

---

Nyall Dawson wrote:

Joe - are you connecting to fulcrum? Because they also block the QGIS user agent from direct access (no idea why).

Hi Nyall, yes - I'm trying from Fulcrum. It's not an issue on Mac with QGIS 3.4. I suspect this is related #27159

In my Win10 VM/QGIS 3.4.4, I can connect to the Fulcrum data by setting GDAL_HTTP_UNSAFESSL = YES ...so we'll provide that workaround for now.

[qgib]

Author Name: Chad Howard (Chad Howard)

---

I used the Data Share feature from Fulcrum in every version of QGIS up to 3.4.3. After this version it broke but only in the Windows Version of QGIS. The Linux and Mac versions still operate perfectly with no problems at all. In the windows version when you pick GeoJson as your viable there are TWO in the list and neither work. I have tried to place the work around listed above and still does not work. It is not the end of the world for me since I have 2 Linux boxes, 3 Macs and 2 Windows computers so when I need to import data from fulcrum I just kick over to a Linux or Mac machine.

[qgib]

Author Name: Giovanni Manghi (@gioman)

---

• priority_id was changed from High to Normal
• status_id was changed from Feedback to Open
• regression was changed from 1 to 0

[gisnederland]

QGis 3.8.0, Win10, 1809 (=x64).
Same SSL certificate problem: unable to get local issuer certificate error here, with geojson from https://open.data.amsterdam.nl/Projecten_Amsterdam_GeoJson.json
Could not solve it by adding the GDAL_HTTP_USERAGENT = Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.362 entry to QGis' options/variables.
Solved it by adding it as Windows system variables (and restarting QGis)

[nirvn]

This is fixed via @jef-n 's update of the libcurl package. The fix will be incorporated into the next point release standalone installer and is available already for those using the package-based osgeo4w installer.