How mpesa ssl handshake failure

Question

With the mpesa B2C integration. am trying to use Curl

        $url = "https://196.201.214.136:18423/mminterface/request";




    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
    // curl_setopt($ch, CURLOPT_PORT, 18423);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $requestXml);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
                                           'Content-type: text/xml', 
                                           'Content-length: ' . strlen($requestXml)
                                         ));
    $output = curl_exec($ch);

    if(curl_errno($ch)){
        var_dump(curl_error($ch));
    } else{
        curl_close($ch);
    }

I get an error

error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure'

This is after changing ssl version from nss to openssl. How do I solve the handshake failure.

Answer 1

Safaricom has released M-Pesa APIs as RESTful APIs accessible through their developer portal . You need not have SSL certificates signed by Safaricom in order to consume the APIs. As long as your server has a publicly signed certificate, the Safaricom API Gateway should be able to receive requests and send responses to your server.

Answer 2

If I remember correctly, MPESA uses some public-private key pairs that you need to generate in conjunction with them. If you don't have those set up right, your SSL requests will fail. Have you done this yet?