The gdal_translate program has an option to define an XML file with the necessary information to download an image using various web map server specifications. For some reason, the gdal_translate/XML option is not downloading the requested image but going to the web mapping site directly works. For my needs, I need to go through gdal_translate and use the XML file instead of getting the image directly from the web site.
For example, I have the following XML file that I'm using to download an image:
<GDAL_WMS>
<Service name="AGS">
<ServerUrl>https://raster.nationalmap.gov/arcgis/rest/services/LandCover/USGS_EROS_LandCover_NLCD/MapServer</ServerUrl>
<ImageFormat>tiff</ImageFormat>
<Layers>show:6</Layers>
<BBoxOrder>xyXY</BBoxOrder>
<SRS>4326</SRS>
</Service>
<DataWindow>
<UpperLeftX>-112.2624206542975</UpperLeftX>
<UpperLeftY>40.5898131802071</UpperLeftY>
<LowerRightX>-111.0745239257810</LowerRightX>
<LowerRightY>40.0400730420049</LowerRightY>
<SizeX>1609</SizeX>
<SizeY>745</SizeY>
</DataWindow>
</GDAL_WMS>
I save this file as "test5.xml". Then I try to run the following command:
gdal_translate -of GTiff "F:\temp\test5.xml" "f:\temp\p37.nlcd.tif"
I get the following output when running this command and the requested image is not downloaded:
Input file size is 1609, 745
0ERROR 1: GDALWMS: Unable to download block 0, 0.
URL: https://raster.nationalmap.gov/arcgis/rest/services/LandCover/USGS_EROS_LandCover_NLCD/MapServer/export?f=image&bbox=-112.26242065,40.04007304,-111.50641926,40.58981318&size=1024,745&dpi=&imageSR=4326&bboxSR=4326&format=tiff&layerdefs=&layers=show:6&transparent=false&time=&layerTimeOptions=&dynamicLayers=
HTTP status code: 0, error: SSL certificate problem: self signed certificate in certificate chain.
Add the HTTP status code to <ZeroBlockHttpCodes> to ignore that error (see http://www.gdal.org/frmt_wms.html).
ERROR 1: F:\temp\test5.xml, band 1: IReadBlock failed at X offset 0, Y offset 0
ERROR 1: GetBlockRef failed at X block offset 0, Y block offset 0
However, if I go to the following web site, I am able to see the image (this same URL is shown in the output of gdal_translate):
https://raster.nationalmap.gov/arcgis/rest/services/LandCover/USGS_EROS_LandCover_NLCD/MapServer/export?f=image&bbox=-112.26242065,40.04007304,-111.50641926,40.58981318&size=1024,745&dpi=&imageSR=4326&bboxSR=4326&format=tiff&layerdefs=&layers=show:6&transparent=false&time=&layerTimeOptions=&dynamicLayers=
Any ideas about how to fix the XML or work around this problem?
Best Answer
The error message is misleading when it gives a hint about using for ignoring the error. The essential information is in this message
You can read more about certificate chains from the net, for example at https://msdn.microsoft.com/en-us/library/windows/desktop/aa376515(v=vs.85).aspx but what happens is that your service provider has created their own certificate which is not automatically trusted by other parties.
The easiest way to bypass the error is to read carefully the WMS driver manual page http://www.gdal.org/frmt_wms.html and find this
Edit your XML file to end this way and you will get your data.
This is actually a hack which means about "I am not sure if the server raster.nationalmap.gov really is what it claims to be but I do not care and I will accept just any certificates now and in the future". Better way would be to add the certificate of nationalmap.gov into the CA Bundle storage that is used by curl as a trusted certificate. Some more info about that is in this GDAL ticket https://trac.osgeo.org/gdal/ticket/6732.