I am working with Rightmove and their realtime data feed, we received a (self-signed?) certificate (.p12 file) that we had to insert into our browser/PC to connect to the testserver, this is all working great.
Now we are writing our own script, and connecting to the test server via CURL, however we are loading this script from our server and it does not have access to the test server (handshake failed - authentication, after research looks like it is expecting certificate which makes sense), but how do we get access? They are not of great help and I am wondering if we need to add this certificate to our domain/server as well to gain authentication?
Hope you can help!
You would use the CURLOPT_SSLCERT & CURLOPT_SSLCERTPASSWD options with your CURL command. e.g
$url = "https://www.example.com";
$cert_file = 'certificate_file.pem';
$cert_password = 'password';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Useragent',
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
Related
When I try to send a cURL request, I get the following error:
* SSL certificate verify ok.
> * SSL_write() error: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry
* Closing connection 0
this is the request I am sending:
$url = 'https://example.com/services/service-name';
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $postData,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2,
CURLOPT_VERBOSE => true,
CURLOPT_STDERR => $fp,
));
$response = curl_exec($curl);
Sometimes it works, but other times it gives me the SSL error "Curl Error Number 55".
Curl version: 7.84.0
SSL version: OpenSSL/1.1.1p
On localhost, it works all the time, but on production server "Linux" it keeps giving me the SSL error. Any help is greatly appreciated
After trying everything I know, the problem was related to DNS using IPv6 instead of IPv4. I forced the cURL request to use IPv4 and haven't received any error since
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
I'm trying to download a file that needs to be authenticated through a client digital certificate, I already have the certificate but I do not know how to configure it in curl.
$useragent = '...';
$post = array( ... );
$certPass = '123456';
$certPath = _DIR_PATH.'cert/';
$certPfx = $certPath.'certificate.pfx';
$cert = $certPath.'certificate.pem';
$url = 'https://www.url.com/path/to/access';
$ch = curl_init( $url );
$options = array(
CURLOPT_FAILONERROR => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_AUTOREFERER => true,
CURLOPT_HEADER => true,
CURLOPT_NOBODY => true,
CURLOPT_CAINFO => $cert,
CURLOPT_CAPATH => $certPath,
CURLOPT_SSH_PRIVATE_KEYFILE => $certPfx,
CURLOPT_SSLCERT => $cert,
CURLOPT_SSLCERTPASSWD => $certPass,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $post,
CURLOPT_USERAGENT => $useragent,
CURLOPT_COOKIE => 'ASP.NET_SessionId='.$cookie
);
curl_setopt_array( $ch, $options );
$resp = curl_exec($ch);
$ch_errno = curl_errno($ch);
$ch_erro = curl_error($ch);
curl_close($ch);
I am always getting the message: SSL certificate problem: unable to get local issuer certificate.
Can someone help me?
PHP cURL: Fixing the “SSL certificate problem: unable to get local issuer certificate” error.
If you are using PHP’s cURL functions to connect to a HTTPS URL, you might come across the following error:
SSL certificate problem: unable to get local issuer certificate. (cURL error code 60)
This is a common error that occurs whenever you attempt to use PHP’s cURL functions to connect to a HTTPS website. Essentially, your cURL client has not been configured to connect to SSL-enabled websites.
The Quick Fix.
CURLOPT_SSL_VERIFYHOST: This option tells cURL that it must verify the host name in the server cert.
CURLOPT_SSL_VERIFYPEER: This option tells cURL to verify the authenticity of the SSL cert on the server.
For example.
$url = 'https://google.com';
//Initiate cURL.
$ch = curl_init($url);
//Disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER by
//setting them to false.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//Execute the request.
curl_exec($ch);
//Check for errors.
if(curl_errno($ch)){
throw new Exception(curl_error($ch));
}
You need to configure your php.ini porperly with current (valid) certificates.
curl.cainfo = "/etc/php7.2/cacert.pem"
openssl.cafile = "/etc/php7.2/cacert.pem"
Look at https://curl.haxx.se/docs/caextract.html to download the current one. After that restart your webserver.
Do not something like
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
which will work, but disables any verification and security.
I appreciate this has been asked a number of times but after looking through the answers I'm still getting the following error:
Curl error: Peer certificate cannot be authenticated with known CA certificates
I have the below code, which works on a non-https version of the site (different server), however, it won't work on the live site running https. My assumption is that it's trying to verify against the SSL certificate on the site, rather than the .pem file specified in $cert_path.
I'll be honest, I'm a bit confused between SSLCERT and the CAINFO however I have added the following to my php.ini file and checked to make sure they're set correctly, which they are.
// php.ini
curl.cainfo = "/path/to/.pem";
openssl.cafile = "/path/to/.pem";
As I said before, the following works on the stage version of the site, just not the live one. Any help would be greatly appreciated.
// php curl snippet
$cert_path = '/path/to/.pem';
$options = array(
CURLOPT_SSL_VERIFYHOST => true,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSLCERT => $cert_path,
CURLOPT_SSLCERTPASSWD => $password,
CURLOPT_CAINFO => $cert_path,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xml_post_string,
CURLOPT_HTTPHEADER => $headers
);
curl_setopt_array( $ch, $options );
If I set VERIFYPEER to false it does connect but my assumption is that this wouldn't be passing the data securely?
Thank you.
I've managed to get this working however there are a few things to note which may help someone in the future.
The site was hosted with 123reg and I was informed by their support that third-party SSL certificates are not accepted. Although I was told this ultimately my code below did work.
I regenerated my .pem file so this too could have worked in my favour.
My final code as as follows: I also stripped out the php.ini code entirely.
// These two variables will differ depending on your payload for Curl
$xml_post_string = '...';
$headers = array();
// This will differ based on your endpoint
$url = 'endpoint.url';
$password = 'password';
$cert_path = '/path/to/.pem';
$ch = curl_init();
$options = array(
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSLCERT => $cert_path,
CURLOPT_SSLCERTTYPE => "PEM",
CURLOPT_SSLCERTPASSWD => $password,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $xml_post_string,
CURLOPT_HTTPHEADER => $headers
);
curl_setopt_array( $ch, $options );
$response = curl_exec($ch);
curl_close($ch);
I have a php script used to make a connection to a SSL website.
I have both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST set to FALSE
and the version of openssl is up-to-date. (SSL Version OpenSSL/1.0.1c)
When I send a request to that SSL website, it yields the following error:
string 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol' (length=67)
I've racked my brain all day but still can't solve it. Please help!
===update===
here is my code:
$ch = curl_init();
$options = array(
CURLOPT_URL => 'https://www.example.com',
CURLOPT_HEADER => 0,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_FOLLOWLOCATION => 1,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false
);
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
curl_close($ch);
If you are trying to call a file within same server, you can use following block of code to fulfill your requirement:
ob_start();
require "b.php";
$result = ob_get_clean();
I'm trying to do the payment gateway integration in php. When i'm doing test mode payment from local payment process is working fine. i have successfully redirected to my payment page.i have used CURL to post the datas to payment gateway server.
But after upload it to server i could not do the payment . I got the following Error.
SSL connect error(35)
My code is as follows.
$request_url= "https://mypaymentserver.com"
$url = $request_url;
$successurl = url::site('payment/textpartnerssuccess', 'http');
$processurl = url::site('payment/textpartnersprocess', 'http');
$failurl = url::site('payment/textpartnersfail', 'http');
//Data bind
$invoiceno = commonfunction::randomkey_generator();
$postData = array(
"url_succesfull" => $successurl,
"url_process" => $processurl,
"url_cancel" => $failurl,
"item_id" => $jobid,
"name" => $jobdetails[0]['job_title'],
"currency" => $this->textpartners_currencycode,
"price" => $amount,
"token" => $invoiceno,
"seller_op_id" => time(),
"shipping_cost" => 0
);
$data = http_build_query($postData, NULL, '&');
// Create a new curl instance
$curl = curl_init();
// Set curl options
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => $data,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_SSL_VERIFYHOST => FALSE,
CURLOPT_RETURNTRANSFER => TRUE,
));
if (($response = curl_exec($curl)) === FALSE)
{
// Get the error code and message
$code = curl_errno($curl);
$error = curl_error($curl);
curl_close($curl);// Close curl
echo $error_msg = 'Payment API request for failed: '.$error.'(' .$code.')'; exit;
Message::error($error_msg);
// Parse the response
parse_str($response, $data);
}
curl_close($curl); // Close curl
// Parse the response
parse_str($response, $data);
Can any one help me? Thanks in advance :)
But after upload it to server i could not do the payment
Error 35 is reported when the client is unable to connect to the SSL server (as a result of a timeout or a protocol error). Check if the server can resolve the name, make an outgoing connection to the named host, and make an outgoing connection across port 443.
Thanks Guys . Finally i have got the solution by adding the following line in curl.
curl_setopt( $ch, CURLOPT_SSL_CIPHER_LIST, 'rsa_rc4_128_sha' );