I'm getting the classic php curl error "unable to get local issuer certificate".
Here are some more information from the curl debug:
Trying 133.7.42.21...
TCP_NODELAY set
Connected to example.adress.com (133.7.42.21) port 443 (#0)
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
successfully set certificate verify locations:
CAfile: C:\some_absolute_path\cacert.pem
CApath: none
SSL certificate problem: unable to get local issuer certificate
Curl_http_done: called premature == 1\n* Closing connection 0\n
As you can see the i tried to used the "cacert.pem" file from Mozilla.
I tried all of them but none of them worked.
The PHP Code:
$curl = curl_init($location);
//set verifier from interface host
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
//set host global certificate
curl_setopt($curl, CURLOPT_CAINFO, $globla_cert);
//set certificate
curl_setopt($curl, CURLOPT_SSLCERT, $ssl_cert);
//set private key
curl_setopt($curl, CURLOPT_SSLKEY, $ssl_cert_key);
//set private key password
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $ssl_cert_password);
//set curl debug output
curl_setopt($curl, CURLOPT_VERBOSE, true);
$verbose = fopen('php://temp', 'w+');
curl_setopt($curl, CURLOPT_STDERR, $verbose);
//curl_setopt($curl, CURLINFO_HEADER_OUT, true);
//set ssl version
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $request);
curl_setopt($curl, CURLOPT_HEADER, FALSE);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT_MS, $connecttimeout);
$response = curl_exec($curl);
It will work without the Global cert when i disable CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST but this is a NOGO
I'm currently using XAMPP with PHP Version 7.0.15.
The Apache has the mod_ssl enabled.
PHP has the openssl and the curl extension enabled.
Things that i tried:
Set the path inside the php.ini:
openssl.cainfo= "C:\some_absolute_path\cacert.pem"
openssl.cafile= "C:\some_absolute_path\cacert.pem"
Throw the cert in the default path that i got with var_dump(openssl_get_cert_locations());
That was "C:\openssl-1.0.2j-win32\ssl" for me.
Throw the cert in "C:\xampp\php"
Now i don't find anymore "fixes" that i can try, has someone an idea what it could be?
The problem is resolved.
It wasn't a technical problem. The certificate that i received for the Service wasn't valid anymore and the new certificate isn't in the "cacert.pem" from Mozilla like the old one.
Related
I have to send a request to a server with mTLS. The certificate I have to send has to be .pem and have no keys or passwords. I don't understand much about certificates yet, but I managed to organize the code bellow, however, I've been trying to solve this issue for the last hours and tried many things from many places, yet nothing seems to work.
The code i'm using to send the requests is:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', "Authorization: Bearer $bearer"));
curl_setopt($ch, CURLOPT_SSLCERTTYPE, "PEM");
curl_setopt($ch, CURLOPT_CAINFO, 'cert.pem');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
$return = curl_exec($ch);
if (!$return) {
$return = curl_error($ch);
}
curl_close($ch);
And the error it's returning is:
error setting certificate verify locations:
CAfile: cert.pem
CApath: /etc/ssl/certs
I've tried reinstalling and updating ca-certificates, copying and pasting the cert.pem in the /etc/ssl/certs and the /etc/pki/tls/certs folders, recreate the cert.pem file. Yet nothing changed the error.
I need to send a POST request to the server. The server uses certificates. I have a file with a .p12 extension. This is the first time I come across certificates and do not understand what needs to be done
My code:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($curl, CURLOPT_CAINFO, ''); // ???
var_dump(curl_exec($curl));
var_dump(curl_error($curl));
curl_close($curl);
As a result, I naturally get the error: bool(false) string(69) "error setting certificate verify locations: CAfile: CApath: none"
But I don't know how to get the path to the certificate from the .p12 file
I try yo make request for https url. I do it via cmd and curl like:
curl --cert cert.pem https://my_test.com
and it work fine. then i try do it with php and can't connect to url. I reale try many solutions
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_STDERR, fopen("D://curl_debug.txt", "w+"));
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_CAPATH, "D:\\xampp\\htdocs\\CA\\");
curl_setopt($curl, CURLOPT_CAINFO, "D:\\xampp\\htdocs\\cert.pem");
in curl_debug.txt I get: uccessfully set certificate verify locations:
CAfile: D:\xampp\apache\bin\curl-ca-bundle.crt
CApath: D:\xampp\htdocs\CA\
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream
may be someone have any idea, what is problem? Thanks!
I have a VPS and I'm trying to integrate a payment gateway in my site. I have an SSL sertificate installed in my site (COMODO) and as instruced by the gateway providers, I have to establish a secure connection through cURL.
The code is as follows:
$c = curl_init();
curl_setopt($c, CURLOPT_HEADER, 0);
curl_setopt($c, CURLOPT_URL, $stringbuffer);
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS, $s);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($c, CURLOPT_CAINFO, "/home/site/ssl/certs/Cert.pem");
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
this Cert.pem, I extracted it from their website (with chrome) and then converted it to pem through openssl. Now whenever I try to establish this connection, I get the error:
CURL ERROR: 60::SSL certificate problem: unable to get local issuer certificate
I have access to php.ini so after a big search I tried to add the following to the ini file:
[curl]
curl.cainfo="/home/site/ssl/certs/myCert.pem"
[openssl]
openssl.cafile="/home/site/ssl/certs/myCert.pem"
where myCert.pem is my website certificate which I extracted again as cer and then converted it to pem with openssl.
I also tried to add https://curl.haxx.se/ca/cacert.pem in place of myCert in the ini file with no success.
Any ideas, and please don't ask me to turn off the verifypeer as I can't do so.
The following code works on Ubuntu versions below 14:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://example.com");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$serverOutput = curl_exec($ch);
curl_close($ch);
This starts to run on Ubuntu 14 but times out on curl_exec. Have tried on two Ubuntu 14 boxes and neither are connecting properly.
Is there some configuration change or extra option for php5 on Ubuntu 14 that needs to be made to allow this to connect?
Output of curl_setopt($ch, CURLOPT_VERBOSE, true);:
* Hostname was NOT found in DNS cache
* Trying IP ADDRESS...
* Connected to example.com (IP ADDRESS) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
does not get any further.