Solved

Using PHP Curl SSL

Posted on 2013-01-22
7
2,725 Views
Last Modified: 2013-02-11
I am testing the ssl connection , but I am not able to connect to the server from url, https://servicos.portaldasfinancas.gov.pt:700/fews/faturas. I have convert a PFX file to PEM file.
 My Test code is following :


////////////////////  test connection script/////////////////////////////////

public function process($url)
    {
        $soap = curl_init();


        curl_setopt($soap, CURLOPT_URL, "https://servicos.portaldasfinancas.gov.pt:700/fews/faturas");
        curl_setopt($soap, CURLOPT_SSLCERT ,  "C:\wwwroot\www-php\projects\foxfact\TestesWebServices.pem" );
        curl_setopt($soap, CURLOPT_SSLKEY ,  "C:\wwwroot\www-php\projects\foxfact\Testes__Web_Services_key" );
        curl_setopt($soap, CURLOPT_SSLKEYPASSWD ,  "TESTEwebservice" );
        curl_setopt($soap, CURLOPT_SSLVERSION, 3);
        curl_setopt($soap, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($soap, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($soap, CURLOPT_CONNECTTIMEOUT, 20);
        curl_setopt($soap, CURLOPT_TIMEOUT,        15);
        curl_setopt($soap, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($soap, CURLOPT_POST,           true);
        curl_setopt($soap, CURLOPT_POSTFIELDS,     $this->xml);
        curl_setopt($soap, CURLOPT_HTTPHEADER,     $this->headers);

        $result = curl_exec($soap);

        if (curl_errno($soap) > 0) {
            $result = array('errocurl' => curl_errno($soap), 'msgcurl' => curl_error($soap));
            echo curl_error($soap);
            // $result = false;
        }

        curl_close($soap);

        return $result;

    }
}

The error message I have in browser is following:
Curl Error : unable to use client certificate (no key found or wrong pass phrase?)
Can you have a look and advise me  where I am getting wrong.

Best Regards
Lucilia Coelho
0
Comment
Question by:luciliacoelho
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38805583
Try using forward slashes in your paths on Windows, like:

C:/path/to/key.pem

Backslashes are also escape characters when they're inside of double quotes, so PHP can think that "C:\path\to\key.pem" is actually "C:pathtokey.pem". Alternatively, if you want to use backslashes, just use two of them like "C:\\path\\to\\key.pem"
0
 

Author Comment

by:luciliacoelho
ID: 38805656
I tried the two way but now gives the error message in browser: Unknown SSL protocol error in connection to...
Can you help me with this?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38805710
Try setting  curl_setopt($soap, CURLOPT_SSLVERSION, 3); to 2 instead of 3.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 38805756
Actually, it's also possible that the client cert auth isn't working. Double-check to make sure the client cert also doesn't need a password with:

 curl_setopt($soap, CURLOPT_SSLCERTPASSWD, "TESTEwebservice");

It all depends on your certificate (especially if the certificate file contains a key in it).
0
 

Author Comment

by:luciliacoelho
ID: 38805848
I change setting  curl_setopt($soap, CURLOPT_SSLVERSION, 2) and become Curl Error : unable to use client certificate (no key found or wrong pass phrase?).
Use  curl_setopt($soap, CURLOPT_SSLCERTPASSWD, "TESTEwebservice") and error is the same.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38806228
Try concatenating the key onto the cert, so that your cert file looks like:

-----BEGIN CERTIFICATE-----
contents of certificate
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
contents of key
-----END RSA PRIVATE KEY-----
0
 

Author Comment

by:luciliacoelho
ID: 38806242
Can you show me one example please.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question