Jump to content

Recommended Posts

It seems like maybe you got on the wrong path. You don't need your own SSL Certificate just to connect to another SSL site, which appears to be all you're trying to do. What you need to do in order to connect to an external SSL site is

 

a) Disable certificate verification (easy/less secure) or

b) Properly configure the path to root certificates on your server.

 

Option a is just a matter of setting CURLOPT_SSL_VERIFYPEER to false. Doing that will cause cURL to basically accept the certificate without doing any sort of verification to ensure it matches the URL given and is trusted.

 

Option b is a matter of obtaining the proper root certificates for the site in question and putting them on your server, then you configure either CURLOPT_CAINFO or CURLOPT_CAPATH to point to the location of those certificates.

 

You appear to have started off by trying to implement option b but cURL was failing to read the root certificates. Either your path to the file was incorrect, it was unreadable (check permissions) or possibly in the incorrect format such that cURL is unable to parse it.

Link to comment
https://forums.phpfreaks.com/topic/280399-curl-problem/page/2/#findComment-1441853
Share on other sites

Ok so I copy pasted the certs into notepad seperately and named the ca bundle, ca.crt and ssl cert mycert.pem. Then put those files in their own folder and changed my code to this, (i just password for the SSLCERTPASSWD here but I have the real one in the actual code.)

 

curl part of code on cart.func.php included on shopping.php page

// Get cURL resource
			$curl = curl_init();
			// Set some options - we are passing in a useragent too here
			curl_setopt($curl, CURLOPT_URL, $request_url);
			curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
			curl_setopt($curl, CURLOPT_VERBOSE, '1');
			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, '1');
			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, '1');
			curl_setopt($curl, CURLOPT_CAINFO,  getcwd().'/cert/ca.crt');
			curl_setopt($curl, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem');
			curl_setopt($curl, CURLOPT_SSLCERTPASSWD, 'password');
			// Send the request & save response to $resp
			$result = curl_exec($curl);
			echo curl_error($curl);
			// Close request to clear up some resources
			curl_close($curl);

and I'm still getting this error,

 

unable to use client certificate (no key found or wrong pass phrase?)

 

the directory structure is set up like this,

 

public_html

   func

     cart.func.php

  cert

    .htaccess

    ca.crt

    mycert.pem

  secure

    shopping.php

 

on the .htaccess file I have in the cert folder I have it set to deny from all, so no one can view the contents inside. Is that a problem at all? Also maybe I'm not calling the path properly in my code is there another way I should do it?

 

Thanks for your time.

Edited by andy1212
Link to comment
https://forums.phpfreaks.com/topic/280399-curl-problem/page/2/#findComment-1441855
Share on other sites

ok I labeled the rsa key mykey.pem and set up the code like this, and I'm still getting the same error,

 

 

// Get cURL resource
$curl = curl_init();
// Set some options - we are passing in a useragent too here
curl_setopt($curl, CURLOPT_URL, $request_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl, CURLOPT_VERBOSE, '1');
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, '1');
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, '1');
curl_setopt($curl, CURLOPT_CAINFO,  getcwd().'/cert/ca.crt');
curl_setopt($curl, CURLOPT_SSLCERT, getcwd().'/cert/mycert.pem');
curl_setopt($curl, CURLOPT_SSLKEY, getcwd().'/cert/mykey.pem');
curl_setopt($curl, CURLOPT_SSLCERTPASSWD, 'password');
// Send the request & save response to $resp
$result = curl_exec($curl);
echo curl_error($curl);
// Close request to clear up some resources
curl_close($curl);
Edited by andy1212
Link to comment
https://forums.phpfreaks.com/topic/280399-curl-problem/page/2/#findComment-1441873
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.