Solved

Using PHP Curl SSL

Posted on 2013-01-22
7
2,744 Views
Last Modified: 2013-02-11
I am testing the ssl connection , but I am not able to connect to the server from url, https://servicos.portaldasfinancas.gov.pt:700/fews/faturas. I have convert a PFX file to PEM file.
 My Test code is following :


////////////////////  test connection script/////////////////////////////////

public function process($url)
    {
        $soap = curl_init();


        curl_setopt($soap, CURLOPT_URL, "https://servicos.portaldasfinancas.gov.pt:700/fews/faturas");
        curl_setopt($soap, CURLOPT_SSLCERT ,  "C:\wwwroot\www-php\projects\foxfact\TestesWebServices.pem" );
        curl_setopt($soap, CURLOPT_SSLKEY ,  "C:\wwwroot\www-php\projects\foxfact\Testes__Web_Services_key" );
        curl_setopt($soap, CURLOPT_SSLKEYPASSWD ,  "TESTEwebservice" );
        curl_setopt($soap, CURLOPT_SSLVERSION, 3);
        curl_setopt($soap, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($soap, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($soap, CURLOPT_CONNECTTIMEOUT, 20);
        curl_setopt($soap, CURLOPT_TIMEOUT,        15);
        curl_setopt($soap, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($soap, CURLOPT_POST,           true);
        curl_setopt($soap, CURLOPT_POSTFIELDS,     $this->xml);
        curl_setopt($soap, CURLOPT_HTTPHEADER,     $this->headers);

        $result = curl_exec($soap);

        if (curl_errno($soap) > 0) {
            $result = array('errocurl' => curl_errno($soap), 'msgcurl' => curl_error($soap));
            echo curl_error($soap);
            // $result = false;
        }

        curl_close($soap);

        return $result;

    }
}

The error message I have in browser is following:
Curl Error : unable to use client certificate (no key found or wrong pass phrase?)
Can you have a look and advise me  where I am getting wrong.

Best Regards
Lucilia Coelho
0
Comment
Question by:luciliacoelho
  • 4
  • 3
7 Comments
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38805583
Try using forward slashes in your paths on Windows, like:

C:/path/to/key.pem

Backslashes are also escape characters when they're inside of double quotes, so PHP can think that "C:\path\to\key.pem" is actually "C:pathtokey.pem". Alternatively, if you want to use backslashes, just use two of them like "C:\\path\\to\\key.pem"
0
 

Author Comment

by:luciliacoelho
ID: 38805656
I tried the two way but now gives the error message in browser: Unknown SSL protocol error in connection to...
Can you help me with this?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38805710
Try setting  curl_setopt($soap, CURLOPT_SSLVERSION, 3); to 2 instead of 3.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 38805756
Actually, it's also possible that the client cert auth isn't working. Double-check to make sure the client cert also doesn't need a password with:

 curl_setopt($soap, CURLOPT_SSLCERTPASSWD, "TESTEwebservice");

It all depends on your certificate (especially if the certificate file contains a key in it).
0
 

Author Comment

by:luciliacoelho
ID: 38805848
I change setting  curl_setopt($soap, CURLOPT_SSLVERSION, 2) and become Curl Error : unable to use client certificate (no key found or wrong pass phrase?).
Use  curl_setopt($soap, CURLOPT_SSLCERTPASSWD, "TESTEwebservice") and error is the same.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38806228
Try concatenating the key onto the cert, so that your cert file looks like:

-----BEGIN CERTIFICATE-----
contents of certificate
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
contents of key
-----END RSA PRIVATE KEY-----
0
 

Author Comment

by:luciliacoelho
ID: 38806242
Can you show me one example please.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question