.josh Posted July 23, 2013 Share Posted July 23, 2013 honestly I don't know what your hosting provider will or won't do for you..I've never done this stuff on a shared hosting account before, only a dedicated box :/ Quote Link to comment Share on other sites More sharing options...
andy1212 Posted July 23, 2013 Author Share Posted July 23, 2013 wow they gave me everything for the ssl! gonna test it out now Quote Link to comment Share on other sites More sharing options...
kicken Posted July 23, 2013 Share Posted July 23, 2013 It seems like maybe you got on the wrong path. You don't need your own SSL Certificate just to connect to another SSL site, which appears to be all you're trying to do. What you need to do in order to connect to an external SSL site is a) Disable certificate verification (easy/less secure) or b) Properly configure the path to root certificates on your server. Option a is just a matter of setting CURLOPT_SSL_VERIFYPEER to false. Doing that will cause cURL to basically accept the certificate without doing any sort of verification to ensure it matches the URL given and is trusted. Option b is a matter of obtaining the proper root certificates for the site in question and putting them on your server, then you configure either CURLOPT_CAINFO or CURLOPT_CAPATH to point to the location of those certificates. You appear to have started off by trying to implement option b but cURL was failing to read the root certificates. Either your path to the file was incorrect, it was unreadable (check permissions) or possibly in the incorrect format such that cURL is unable to parse it. Quote Link to comment Share on other sites More sharing options...
andy1212 Posted July 23, 2013 Author Share Posted July 23, 2013 (edited) Ok so I copy pasted the certs into notepad seperately and named the ca bundle, ca.crt and ssl cert mycert.pem. Then put those files in their own folder and changed my code to this, (i just password for the SSLCERTPASSWD here but I have the real one in the actual code.) curl part of code on cart.func.php included on shopping.php page // Get cURL resource $curl = curl_init(); // Set some options - we are passing in a useragent too here curl_setopt($curl, CURLOPT_URL, $request_url); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); curl_setopt($curl, CURLOPT_VERBOSE, '1'); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, '1'); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, '1'); curl_setopt($curl, CURLOPT_CAINFO, getcwd().'/cert/ca.crt'); curl_setopt($curl, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem'); curl_setopt($curl, CURLOPT_SSLCERTPASSWD, 'password'); // Send the request & save response to $resp $result = curl_exec($curl); echo curl_error($curl); // Close request to clear up some resources curl_close($curl); and I'm still getting this error, unable to use client certificate (no key found or wrong pass phrase?) the directory structure is set up like this, public_html func cart.func.php cert .htaccess ca.crt mycert.pem secure shopping.php on the .htaccess file I have in the cert folder I have it set to deny from all, so no one can view the contents inside. Is that a problem at all? Also maybe I'm not calling the path properly in my code is there another way I should do it? Thanks for your time. Edited July 23, 2013 by andy1212 Quote Link to comment Share on other sites More sharing options...
andy1212 Posted July 23, 2013 Author Share Posted July 23, 2013 (edited) where would I put the rsa key in the code above and what should I save the rsa file as for the extension of the file. like rsa.pem or rsa.key or something Edited July 23, 2013 by andy1212 Quote Link to comment Share on other sites More sharing options...
andy1212 Posted July 23, 2013 Author Share Posted July 23, 2013 (edited) ok I labeled the rsa key mykey.pem and set up the code like this, and I'm still getting the same error, // Get cURL resource $curl = curl_init(); // Set some options - we are passing in a useragent too here curl_setopt($curl, CURLOPT_URL, $request_url); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); curl_setopt($curl, CURLOPT_VERBOSE, '1'); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, '1'); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, '1'); curl_setopt($curl, CURLOPT_CAINFO, getcwd().'/cert/ca.crt'); curl_setopt($curl, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem'); curl_setopt($curl, CURLOPT_SSLKEY, getcwd().'/cert/mykey.pem'); curl_setopt($curl, CURLOPT_SSLCERTPASSWD, 'password'); // Send the request & save response to $resp $result = curl_exec($curl); echo curl_error($curl); // Close request to clear up some resources curl_close($curl); Edited July 23, 2013 by andy1212 Quote Link to comment Share on other sites More sharing options...
andy1212 Posted July 25, 2013 Author Share Posted July 25, 2013 Would anybody be able to help me from here? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.