fogbreaker

Reputation: 31

Curl failed: NSS: client certificate not found (nickname not specified) - On Centos 7

I know this has been asked on SO before but I think my situation is a little bit different:

When I try to use curl inside PHP, I receive the following error when trying to interact with Apple's push notification service (https://api.push.apple.com/3/device/):

Curl failed: NSS: client certificate not found (nickname not specified)

This is due to the fact that on CentOS, PHP is built with a curl that uses NSS instead of OpenSSL.

What I tried so far:

So my next approach is to fix this NSS problem, but it turns out NSS is a very bad piece of software, as just a simple rename of an imported Let's Encrypt certificate doesn't work...

Could someone please explain to me how I could fix this? I already tried importing a Let's Encrypt certificate into the NSS database stored in /etc/pki/nssdb, and that worked, but unfortunately the certificate is not recognized in PHP, even if I provide its nickname in CURLOPT_SSLCERT => 'nickname'.

Maybe this is because it has special characters inside its nickname, which I cannot change as NSS fails to rename (lol).

When I directly try to provide certificates in php using

CURLOPT_SSLCERT => $certFile,
CURLOPT_SSLKEY => $keyFile,
CURLOPT_CAINFO => $caCertFile

I get:

 Curl failed: Peer's Certificate issuer is not recognized.

I also turned off peer verification by

CURLOPT_SSL_VERIFYPEER => FALSE

ending in

 Curl failed: security library failure

Is there anybody out there who could teach me how to fix it, or how to build PHP on CentOS with built-in curl using OpenSSL?

BR,

Upvotes: 0

Views: 4021

Answers (1)

fogbreaker

Reputation: 31

Finally I got this working, here is what I did:

  1. Recompiled curl with openssl and put the libcurl.so.4 in a new folder /home/mylibs/
  2. Copied all libs from /usr/lib to /home/mylibs/ while not replacing my libcurl.so.4
  3. Located the system's php-cgi binary, renamed it to php-cgi-real
  4. Created a blank file php-cgi:

         #!/bin/bash
         # Preload the OpenSSL-built libcurl, then hand over to the real binary
         export LD_PRELOAD=/home/mylibs/libcurl.so.4
         exec php-cgi-real "$@"

  5. Restarted the service
  6. Done!

Upvotes: 0
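A way to confirm which TLS backend libcurl reports after a change like the wrapper above, and how that backend reads CURLOPT_SSLCERT. This is an added example, not part of the original answer; the function names and both sample version lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify the TLS backend named in a libcurl version line.
# Real input: `curl -V | head -n1`, or the 'ssl_version' field of PHP's
# curl_version() from a script served through the wrapped php-cgi.

# Print the TLS backend token (e.g. "NSS/3.44") found in a version line.
tls_backend() {
    for _tok in $1; do
        case "$_tok" in
            NSS/*|OpenSSL/*|LibreSSL/*|GnuTLS/*)
                printf '%s\n' "$_tok"
                return 0 ;;
        esac
    done
    return 1
}

# How CURLOPT_SSLCERT is interpreted under that backend.
cert_mode() {
    case "$(tls_backend "$1")" in
        # NSS: a bare name is looked up as a nickname in the NSS database;
        # a PEM file must be given with a path, e.g. ./client.pem
        NSS/*) echo "nickname-or-path" ;;
        OpenSSL/*|LibreSSL/*|GnuTLS/*) echo "path" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed only if the backend is the one the rebuilt library should provide.
# usage: expect_backend "<version line>" OpenSSL
expect_backend() {
    case "$(tls_backend "$1")" in
        "$2"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample version lines (not captured from the poster's system).
STOCK='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7 libidn/1.28'
REBUILT='curl 7.61.1 (x86_64-pc-linux-gnu) libcurl/7.61.1 OpenSSL/1.0.2k zlib/1.2.11'

for line in "$STOCK" "$REBUILT"; do
    printf '%-16s cert=%-17s openssl=%s\n' "$(tls_backend "$line")" \
        "$(cert_mode "$line")" \
        "$(expect_backend "$line" OpenSSL && echo yes || echo no)"
done
```

With an OpenSSL backend confirmed, CURLOPT_SSLCERT and CURLOPT_SSLKEY take file paths and CURLOPT_SSL_VERIFYPEER can stay enabled.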
