Solved

Using PHP Curl SSL

Posted on 2013-01-22
7
2,692 Views
Last Modified: 2013-02-11
I am testing the ssl connection , but I am not able to connect to the server from url, https://servicos.portaldasfinancas.gov.pt:700/fews/faturas. I have convert a PFX file to PEM file.
 My Test code is following :


////////////////////  test connection script/////////////////////////////////

public function process($url)
    {
        $soap = curl_init();


        curl_setopt($soap, CURLOPT_URL, "https://servicos.portaldasfinancas.gov.pt:700/fews/faturas");
        curl_setopt($soap, CURLOPT_SSLCERT ,  "C:\wwwroot\www-php\projects\foxfact\TestesWebServices.pem" );
        curl_setopt($soap, CURLOPT_SSLKEY ,  "C:\wwwroot\www-php\projects\foxfact\Testes__Web_Services_key" );
        curl_setopt($soap, CURLOPT_SSLKEYPASSWD ,  "TESTEwebservice" );
        curl_setopt($soap, CURLOPT_SSLVERSION, 3);
        curl_setopt($soap, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($soap, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($soap, CURLOPT_CONNECTTIMEOUT, 20);
        curl_setopt($soap, CURLOPT_TIMEOUT,        15);
        curl_setopt($soap, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($soap, CURLOPT_POST,           true);
        curl_setopt($soap, CURLOPT_POSTFIELDS,     $this->xml);
        curl_setopt($soap, CURLOPT_HTTPHEADER,     $this->headers);

        $result = curl_exec($soap);

        if (curl_errno($soap) > 0) {
            $result = array('errocurl' => curl_errno($soap), 'msgcurl' => curl_error($soap));
            echo curl_error($soap);
            // $result = false;
        }

        curl_close($soap);

        return $result;

    }
}

The error message I have in browser is following:
Curl Error : unable to use client certificate (no key found or wrong pass phrase?)
Can you have a look and advise me  where I am getting wrong.

Best Regards
Lucilia Coelho
0
Comment
Question by:luciliacoelho
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
Try using forward slashes in your paths on Windows, like:

C:/path/to/key.pem

Backslashes are also escape characters when they're inside of double quotes, so PHP can think that "C:\path\to\key.pem" is actually "C:pathtokey.pem". Alternatively, if you want to use backslashes, just use two of them like "C:\\path\\to\\key.pem"
0
 

Author Comment

by:luciliacoelho
Comment Utility
I tried the two way but now gives the error message in browser: Unknown SSL protocol error in connection to...
Can you help me with this?
0
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
Try setting  curl_setopt($soap, CURLOPT_SSLVERSION, 3); to 2 instead of 3.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
Comment Utility
Actually, it's also possible that the client cert auth isn't working. Double-check to make sure the client cert also doesn't need a password with:

 curl_setopt($soap, CURLOPT_SSLCERTPASSWD, "TESTEwebservice");

It all depends on your certificate (especially if the certificate file contains a key in it).
0
 

Author Comment

by:luciliacoelho
Comment Utility
I change setting  curl_setopt($soap, CURLOPT_SSLVERSION, 2) and become Curl Error : unable to use client certificate (no key found or wrong pass phrase?).
Use  curl_setopt($soap, CURLOPT_SSLCERTPASSWD, "TESTEwebservice") and error is the same.
0
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
Try concatenating the key onto the cert, so that your cert file looks like:

-----BEGIN CERTIFICATE-----
contents of certificate
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
contents of key
-----END RSA PRIVATE KEY-----
0
 

Author Comment

by:luciliacoelho
Comment Utility
Can you show me one example please.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now