phphopzter

Reputation: 121

2 ways SSL with CURL PHP not working

In SOAPUI, I import the .pfx file in the SSL settings only, then I test the API methods and it works without issues. Now I want to implement the same working SOAPUI sample in my PHP application, so I used PHP cURL to manage it. Basically, what I did was import the same cert that I used in SOAPUI into my PHP file. I want to access the protected server with my public key using my private key.

UPDATE: 29 June 2018

PFX file: test-cert.pfx

$url = 'https://domain.com.ph/api/id_num';

$headers = array(
    "Content-Type: application/json",
    "token really_long_numbers",
);

$curl = curl_init();

curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_PORT , 443);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 2);
curl_setopt($curl, CURLOPT_SSLVERSION, 1);
curl_setopt($curl, CURLOPT_SSLCERT, "/Applications/XAMPP/xamppfiles/htdocs/d/client.pem");
curl_setopt($curl, CURLOPT_SSLKEY, "/Applications/XAMPP/xamppfiles/htdocs/d/key.pem");
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, "******");
curl_setopt($curl, CURLOPT_CAINFO, "/Applications/XAMPP/xamppfiles/htdocs/d/cacert.pem");

I tried to generate CA from PFX, using the command below

openssl pkcs12 -in test-cert.pfx -out test-cert.pem -clcerts

AND/OR

openssl pkcs12 -in test-cert.pfx -out test-cert.pem -clcerts -nodes

The new error is now

cURL Error #:SSL certificate problem: unable to get local issuer certificate

UPDATE: 2 July 2018

I already added the following line to the php.ini file and, of course, downloaded the cacert.pem file from http://curl.haxx.se/ca/cacert.pem

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="/Applications/XAMPP/xamppfiles/etc/openssl/certs/cacert.pem"
openssl.cafile="/Applications/XAMPP/xamppfiles/etc/openssl/certs/cacert.pem"

My php.ini configuration file is located at:

Configuration File (php.ini) Path: /etc
Loaded Configuration File:         /etc/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed:      (none)

and added the line below in curl

CURLOPT_CAINFO => '/path/to/my/exported/cacert.pem'

CURLOPT_CAPATH => '/path/to/my/exported/cacert.pem'

I also enabled php_openssl.dll and mod_ssl in the Apache configuration and php.ini.

Lastly, I downloaded the ca-bundle.crt into the cacert.pem location too.

Still, it didn't work.

Upvotes: 1

Views: 3622

Answers (1)

IVO GELOV

Reputation: 14259

curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_PORT , 443);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
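// 2 = require the certificate name to match the host; current libcurl no longer supports 1
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
// Boolean option: true verifies the server certificate against CAINFO
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);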
curl_setopt($curl, CURLOPT_SSLVERSION, 1);
curl_setopt($curl, CURLOPT_SSLCERT, getcwd() . "/my_cert.pem");
curl_setopt($curl, CURLOPT_SSLKEY, getcwd() . "/my_key.pem");
curl_setopt($curl, CURLOPT_CAINFO, getcwd() . "/cacert.pem");

You need to specify all 3 - your private key (SSLKEY), your public certificate (SSLCERT) and the certificate authority chain (CAINFO) up to the root CA. The key and certificates should be in plain-text PEM format instead of PFX.

openssl pkcs12 -in test-cert.pfx -out test-cert.pem -nodes

UPDATE: 29 June 2018

Download http://curl.haxx.se/ca/cacert.pem (or https://github.com/bagder/ca-bundle/blob/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt which also contains RSA-1024 certificates) into /Applications/AMPPS/extra/etc/openssl/certs/cacert.pem. Then update php.ini and restart Apache.

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
openssl.cafile="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"

Upvotes: 1
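Added example (not part of the original question or answer): a shell script that splits a PFX into the three PEM files the answer names and checks that they belong together before they are handed to cURL. The function names, output file names, the `PFX_PASS` environment variable and the throwaway demo certificates are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: split a .pfx into the PEM files passed to CURLOPT_SSLKEY,
# CURLOPT_SSLCERT and CURLOPT_CAINFO, then check that they are consistent.
# The passphrase is read from $PFX_PASS so it never appears in the process list.

cert_count() { grep -c 'BEGIN CERTIFICATE' "$1" || true; }

split_pfx() {            # split_pfx <file.pfx> <outdir>
  local pfx=$1 out=$2
  ( umask 077            # -nodes writes the key unencrypted: keep it owner-only
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes -out "$out/key.pem" )
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys -out "$out/client.pem"
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys -out "$out/ca.pem"
}

check_split() {          # check_split <outdir>; returns 0 when the files are consistent
  local out=$1 k c
  k=$(openssl pkey -in "$out/key.pem" -pubout) || return 1
  c=$(openssl x509 -in "$out/client.pem" -noout -pubkey) || return 1
  [ "$k" = "$c" ] || { echo "key.pem does not match client.pem" >&2; return 1; }
  [ "$(cert_count "$out/client.pem")" -eq 1 ] ||
    { echo "client.pem must hold exactly one certificate" >&2; return 1; }
  [ "$(cert_count "$out/ca.pem")" -ge 1 ] ||
    { echo "the PFX carried no CA certificates" >&2; return 1; }
}

make_demo_pfx() {        # constructed sample input: throwaway CA + client cert in <dir>/demo.pfx
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$d/cl.key" -out "$d/cl.csr" 2>/dev/null
  openssl x509 -req -in "$d/cl.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/cl.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/cl.key" -in "$d/cl.crt" -certfile "$d/ca.crt" \
    -passout env:PFX_PASS -out "$d/demo.pfx"
}

# Usage: PFX_PASS='...' ./split_pfx.sh test-cert.pfx outdir
if [ "$#" -eq 2 ]; then
  split_pfx "$1" "$2" && check_split "$2" && echo "PEM files in $2 are consistent"
fi
```

`ca.pem` holds the CA certificates that issued the client certificate. `CURLOPT_CAINFO` is what cURL uses to verify the server's certificate, so it must contain the chain that issued the server certificate, which is the same file only when one CA issued both.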
