I would like to connect to some API by SSL.
Already I have generated 5 files:
PROD.cert.pem
PROD.issuer.pem
PROD.chain.pem
PROD.csr
PROD.key
This is my php code:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '\PROD.cert.pem');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd() . '\PROD.key');
$output = curl_exec($ch);
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
So, as you can see I add two files: cert and key
When, I run this code I always got error:
SSL certificate problem: unable to get local issuer certificate
Do you know, what I do wrong? How can I resolve this error?
Certificates are not be included in your webdir, you need to install them on your webserver. You can find a comprehensive guide here
Related
I am connected to a vendor (for accessing their API) through a NAT. I can easily access the APIs through http, now for production, https is required. However, when I make the API request to the vendor's endpoint with https enabled, below is the errors:
When SSL Verification is enabled:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://xyz.xyz.xyz.xyz:18423/interface//request
When SSL Verification is disabled:
cURL Error #:OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
I have taken the following steps to set up the SSL.
Step 1: I have first generated the SSL Certificate request and private key with openssl as below:-
-
openssl req -new -newkey rsa:2048 -nodes -keyout mycompany.key -out mycompany.csr
NOTE: The FQDN used api.mycompany.com does not exist. My server is accessed through my private IP address within the network only. (The vendor can reach me for a callback through the NAT)
Step 2: I have sent the CSR only to the vendor to sign
Step 3: Vendor signed the request and sent back the following files:
1.mydomain.cer
2.mydomain.p7b
3.broker_vendor_com.crt
4.DigiCertCA.crt
Step 4: I have decoded the mydomain.cer
I Followed Nginx: Create CSR & Install SSL Certificate (OpenSSL)
Step 5: I combined the mydomain.cer and DigitCert.cer into new file bundle.crt
Step 6: I added the bundle.crt and mycompany.key into my nginx server as below
ssl_certificate /etc/ssl/bundle.crt;
ssl_certificate_key /etc/ssl/salaammfbank.key;
I tried disabling the verification and I get the errors stated above. When I make normal curl request on the terminal using
curl -kv https://xyz.xyz.xyz.xyz:18423/interface//request
I can reach the endpoint with valid response status 200.
Below is the php curl request that returns
cURL Error #:OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
and when verification is enabled
cURL Error #:SSL certificate problem: unable to get local issuer certificate
$url = 'https://xyz.xyz.xyz.xyz:18423/interface//request';
$body = '';
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 40,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => $body,
CURLOPT_HTTPHEADER => ["Accept: application/json", "Content-Type: application/xml"]
]);
#curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
#curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
What am I missing to be able to reach the vendor endpoints through https from my server?
After a long weekend of trying to figure this out, I was able to hit the vendor endpoint through laravel Http facade to make the request and disabled the verification.
$response = Http::withOptions([
'verify' => false,
])->withBody($this->ParseCreateTransactionXml($data),'text/xml')->post($url);
I have also tested with, and returned expected response using below curl:-
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->ParseCreateTransactionXml($data));
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 2);
$response = curl_exec($ch);
I have not made any other changes in the rest of the code. I am not so sure why the code in the question was not working.
I try yo make request for https url. I do it via cmd and curl like:
curl --cert cert.pem https://my_test.com
and it work fine. then i try do it with php and can't connect to url. I reale try many solutions
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_STDERR, fopen("D://curl_debug.txt", "w+"));
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_CAPATH, "D:\\xampp\\htdocs\\CA\\");
curl_setopt($curl, CURLOPT_CAINFO, "D:\\xampp\\htdocs\\cert.pem");
in curl_debug.txt I get: uccessfully set certificate verify locations:
CAfile: D:\xampp\apache\bin\curl-ca-bundle.crt
CApath: D:\xampp\htdocs\CA\
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream
may be someone have any idea, what is problem? Thanks!
I'm struck with the same issue which many of them have faced before, hope someone can help me.
I'm getting this error after my client has added SSL certificate to the server.
I've been searching in google and forums the whole day but couldn't fix it so finally i'm posting it here.
My code below :
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
//curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."\cacert.pem");
curl_setopt ($ch, CURLOPT_CAPATH, dirname(__FILE__)."\cacert.pem");
curl_setopt($ch, CURLOPT_STDERR, fopen(dirname(__FILE__)."/curl_debug.txt", "w+"));
if(curl_exec($ch) === false)
{
echo 'Curl error: ' . curl_error($ch);
}
exit;
I've added these two lines to php.ini file :
[curl]
curl.cainfo="C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"
[openssl]
openssl.cafile="C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"
And tried downloading the latest cacert.pem file
And tried the above code by giving the absolute path to the file :
//curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."\cacert.pem");
Nothing works, All i get is the same error :
Curl error: SSL certificate problem: unable to get local issuer certificate"
And I added "CURLOPT VERBOSE" to look in detail, below is what I received :
* Hostname in DNS cache was stale, zapped
* Trying xxx.xxx.x.x...
* Connected to mywebsite.com (xxx.xxx.x.x) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem
CApath: C:\xampp\htdocs\projects\myproject\includes\cacert.pem
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
Note : I added CAPath since it showed CAPath : None, when not specified.
Would be great if anyone could advise me on the above.
Many Thanks
In Windows XAMP, when using CURL I have to set curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); I understand this is some kind of bug.
Obviously this bypasses the verification intended when using SSL so it is a workaround only for development.
I have a VPS and I'm trying to integrate a payment gateway in my site. I have an SSL sertificate installed in my site (COMODO) and as instruced by the gateway providers, I have to establish a secure connection through cURL.
The code is as follows:
$c = curl_init();
curl_setopt($c, CURLOPT_HEADER, 0);
curl_setopt($c, CURLOPT_URL, $stringbuffer);
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS, $s);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($c, CURLOPT_CAINFO, "/home/site/ssl/certs/Cert.pem");
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
this Cert.pem, I extracted it from their website (with chrome) and then converted it to pem through openssl. Now whenever I try to establish this connection, I get the error:
CURL ERROR: 60::SSL certificate problem: unable to get local issuer certificate
I have access to php.ini so after a big search I tried to add the following to the ini file:
[curl]
curl.cainfo="/home/site/ssl/certs/myCert.pem"
[openssl]
openssl.cafile="/home/site/ssl/certs/myCert.pem"
where myCert.pem is my website certificate which I extracted again as cer and then converted it to pem with openssl.
I also tried to add https://curl.haxx.se/ca/cacert.pem in place of myCert in the ini file with no success.
Any ideas, and please don't ask me to turn off the verifypeer as I can't do so.
I'm using Windows Server 2008 R2 (with IIS), PHP 5.6.0 and cURL 7.36.0 to test against PayPal's TLS test URL:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');
$result = curl_exec($ch);
curl_close($ch);
When I use CURLOPT_CAINFO and cacert.pem from http://curl.haxx.se/docs/caextract.html it works and I get:
PayPal_Connection_OK
When I don't use CURLOPT_CAINFO I get this error:
SSL certificate problem: unable to get local issuer certificate
I've tried this:
mmc
File > Add/remove snap-in
Certificates (Local Computer)
Trusted Root Certification Authorities > Certificates
All tasks > Import
Select cacert.pem
Message: "The import was successful"
However this has made no difference, I still have to use CURLOPT_CAINFO for it to work.
Is there any way I can install all these root certificates on our Windows Server so that I don't have to use CURLOPT_CAINFO and cacert.pem with every call I make..?
You can leverage your php.ini to set the absolute path of where the cacert.pem is located.
The directive is curl.cainfo
Set it, or at least read its value and place your file at the right position.
See:
http://php.net/manual/en/curl.configuration.php