Nikhilesh Manurkar

Reputation: 65

unable to use client certificate (no key found or wrong pass phrase?)

I am trying to make a SOAP call to a server using cURL as below.

The requirement is:

We need to pass the SSL certificate and pass the username and password.

    $ssl = "ssl_file_relative_address.pem";
    $pub_ssl_password = 'mynameiskhan';
    //Get the data
    $data = file_get_contents("the_data_xml.xml");
    //Get the WSDL Address
    $wsdl = "address/to/wsdl?parameter=value";
    $soapUser = "Username";  //  username
    $soapPassword = "password"; // password

    $options = [
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_FOLLOWLOCATION => TRUE,
        CURLOPT_SSL_VERIFYHOST => FALSE,
        CURLOPT_SSL_VERIFYPEER => FALSE,
        CURLOPT_URL => $wsdl,
        CURLOPT_SSLCERT => $ssl,
        //CURLOPT_SSLCERTPASSWD => $pub_ssl_password,
        CURLOPT_USERPWD => $soapUser.":".$soapPassword,
        CURLOPT_HTTPAUTH => CURLAUTH_BASIC
    ];

    $ch = curl_init();
    curl_setopt_array($ch , $options);
    $response = curl_exec($ch);
    //curl_close($ch);
    if (curl_errno($ch)) {
        print curl_error($ch); 
    }

I'm getting the following error from cURL: unable to use client certificate (no key found or wrong pass phrase?)

What is it that I'm doing wrong?

Upvotes: 1

Views: 4906

Answers (2)

Nikhilesh Manurkar

Reputation: 65

Found the Solution. It required an intermediate CA Certificate.
The Solution is

    $options = [
        CURLOPT_HTTPHEADER => ['Content-type: application/json'],
        CURLOPT_URL => 'https://address/to/service?param=value',
        CURLOPT_SSL_VERIFYPEER => 0,
        // CA bundle and client certificate, both in the current working directory
        CURLOPT_CAINFO => getcwd().'\cacert.pem',
        CURLOPT_SSLCERT => getcwd().'\cert.pem',
        CURLOPT_SSLCERTPASSWD => 'ssl_password',
        CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
        CURLOPT_USERPWD => $soapUser.":".$soapPassword,
        CURLOPT_POST => 1,
        CURLOPT_POSTFIELDS => $data
    ];

    $ch = curl_init();
    curl_setopt_array($ch, $options);
    $response = curl_exec($ch);

    if (curl_errno($ch)) {
        print curl_error($ch);
    } else {
        print_r($response);
    }

    curl_close($ch);

Do not forget to set CURLOPT_HTTPHEADER to the content type; it is important.
Also download the intermediate certificate from https://curl.haxx.se/ca/cacert.pem. It contains all the valid CAs.

Thanks @drew010 for help.

Upvotes: 2

drew010

Reputation: 69927

When you specify a client authentication certificate using CURLOPT_SSLCERT, the PEM file should contain a -----BEGIN CERTIFICATE----- line followed by the certificate.

You also need to supply cURL with the corresponding private key to the certificate using CURLOPT_SSLKEY which is a file beginning with -----BEGIN PRIVATE KEY-----.

If the private key is in ssl_file_relative_address.pem, then try copying the private key to a separate file.

If the private key is encrypted, you can specify the password using CURLOPT_SSLKEYPASSWD.

Upvotes: 1
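
The checks described in the answer above can be run before any request is made, so a missing key, a wrong pass phrase and a mismatched key each produce their own message instead of cURL's combined one. This is an added example, not code from either answer; the function names, the temp-file paths and the pass phrase are assumptions, and unlike the snippets above it leaves server certificate verification enabled.

```php
<?php
// Added example, not from the posts above. Paths and pass phrase are constructed.
/** Labels of the PEM blocks in $pem, e.g. ['CERTIFICATE', 'ENCRYPTED PRIVATE KEY']. */
function pemLabels(string $pem): array
{
    preg_match_all('/^-----BEGIN ([A-Z0-9 ]+)-----\s*$/m', $pem, $m);
    return $m[1];
}

/** Check certificate and key before any request, then return matching cURL options. */
function clientCertOptions(string $certFile, ?string $keyFile = null, ?string $pass = null): array
{
    $keyFile = $keyFile ?? $certFile;   // the key may share the certificate's file
    $certPem = (string) file_get_contents($certFile);
    $keyPem  = (string) file_get_contents($keyFile);
    if (!in_array('CERTIFICATE', pemLabels($certPem), true)) {
        throw new RuntimeException("$certFile: no CERTIFICATE block");
    }
    if (!preg_grep('/PRIVATE KEY$/', pemLabels($keyPem))) {
        throw new RuntimeException("$keyFile: no private key block");
    }
    $key = openssl_pkey_get_private($keyPem, (string) $pass);
    if ($key === false) {
        throw new RuntimeException("$keyFile: key unreadable, wrong pass phrase?");
    }
    if (!openssl_x509_check_private_key($certPem, $key)) {
        throw new RuntimeException("$keyFile: key does not match $certFile");
    }
    $opts = [
        CURLOPT_SSLCERT => $certFile,
        CURLOPT_SSLKEY => $keyFile,
        CURLOPT_SSL_VERIFYPEER => true,   // server verification stays on
        CURLOPT_SSL_VERIFYHOST => 2,
    ];
    if ($pass !== null) $opts[CURLOPT_SSLKEYPASSWD] = $pass;
    return $opts;
}

// Constructed demo: throwaway self-signed certificate and encrypted key.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$crt = openssl_csr_sign(openssl_csr_new(['commonName' => 'demo'], $key), null, $key, 1);
openssl_x509_export_to_file($crt, $certFile = sys_get_temp_dir() . '/demo-cert.pem');
openssl_pkey_export_to_file($key, $keyFile = sys_get_temp_dir() . '/demo-key.pem', 'demo-pass');
try {
    clientCertOptions($certFile);   // certificate only, as in the question
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo count(clientCertOptions($certFile, $keyFile, 'demo-pass')), " options built", PHP_EOL;
```

The returned array can be merged into the options passed to curl_setopt_array(); it requires PHP's openssl and curl extensions.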
