Error using PHP cURL with SSL certificates

前端 未结 5 1760
伪装坚强ぢ
伪装坚强ぢ 2020-12-08 10:03

I\'m trying to write a PHP script using cURL that can authorize a user through a page that uses an SSL certificate, in addition to username and password, and I can\'t seem t

相关标签:
5条回答
  • 2020-12-08 10:38

    Because things work via the command line but not via php using curl then I would pursue curl being the problem.

    According to this URL, http://curl.haxx.se/docs/sslcerts.html, which was reference in an SO post you cited above ( reading SSL page with CURL (php) )...

    "Until 7.18.0, curl bundled a severely outdated ca bundle file that was installed by default. These days, the curl archives include no ca certs at all. You need to get them elsewhere. See below for example.

    If the remote server uses a self-signed certificate, if you don't install a CA cert bundle, if the server uses a certificate signed by a CA that isn't included in the bundle you use or if the remote host is an impostor impersonating your favorite site, and you want to transfer files from this server, do one of the following:"

    It then goes on to list a number of steps that you can try.

    Since your 7.16.3 version of curl is prior to 7.18.0, if you haven't already, I would recommend updating your curl and openssl components and then working through the list referenced above.

    0 讨论(0)
  • 2020-12-08 10:44

    Now that this question is vey old, but maybe could be useful for some users looking for an answer currently.

    I have a similar problem about an API with SSL, having problems with CURL (not with the browsers) my problem was that I just put the certificate but not the ceritifcates chain/bundle. Then I put that and things started working. So that's important in order to avoid problems.

    Hope this can be useful for someone.

    0 讨论(0)
  • 2020-12-08 10:47

    After 6 years of the question, I meet the same problem on a shared-host, and apparently there is no satisfactory answer. I found for myself a solution, hope it useful for everybody.

    You can try this config:

    curl_setopt($config,CURLOPT_SSL_VERIFYHOST,0);
    curl_setopt($config,CURLOPT_SSL_VERIFYPEER,1);
    curl_setopt($config,CURLOPT_CAINFO,'ca-bundle.crt');
    curl_setopt($config,CURLOPT_CAPATH,'ca-bundle.crt');
    

    I met same error with @Magsol: Error: error setting certificate verify locations: CAfile: /path/to/servercert.cer CApath: none; so I added the 4th line to set CAPath.

    It's work with me. But note, the CA file must be place in accessable dir (with chmod 755 or 777) and it will better if CA file is in the same dir with PHP file.

    0 讨论(0)
  • 2020-12-08 10:54

    To elaborate and sum this up:

    if you have a PHP file using PHP curl and place the ca certificate for your systems in the same directory, the below code will give you a jumpstart

        $url = "https://myserver.mydomain.local/get_somedata.php";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
    
    //These next lines are for the magic "good cert confirmation"
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_VERBOSE, true);
    
    //for local domains:
    //you need to get the pem cert file for the root ca or intermediate CA that you signed all the domain certificates with so that PHP curl can use it...sorry batteries not included
    //place the pem or crt ca certificate file in the same directory as the php file for this code to work
        curl_setopt($ch, CURLOPT_CAINFO, __DIR__.'/cafile.pem');
        curl_setopt($ch, CURLOPT_CAPATH, __DIR__.'/cafile.pem');
    
    //DEBUG: remove slashes on the next line to prove "SSL verify" is the cause       
    //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    
    //Error handling and return result
        $data = curl_exec($ch);
        if ($data === false) {
            $result = curl_error($ch);
        } else {
            $result = $data;
        }
    
    // Close handle
        curl_close($ch);
        return $result;
    
    0 讨论(0)
  • 2020-12-08 11:02

    You can try this if it works for you:

    curl_setopt($ch, CURLOPT_URL, "https://test.example.com/v1/authenticate.json?api_key=123456");
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch,CURLOPT_CAINFO,'cert.embedapp.20191004.pem');
    curl_setopt($ch,CURLOPT_CAPATH,'./cert.embedapp.20191004.pem');
    

    Comment these lines and add this:

    //curl_setopt($ch,CURLOPT_CAINFO,'cert.embedapp.20191004.pem');
    //curl_setopt($ch,CURLOPT_CAPATH,'./cert.embedapp.20191004.pem');
    curl_setopt($ch, CURLOPT_SSLCERT,'cert.embedapp.20191004.pem');
    
    0 讨论(0)
提交回复
热议问题