17

I'm trying to collect some data using Curl, connecting to service that some external company provided. They, in addition to address itself, sent me p12 certificate file that is required to estabilish connection.

When I'm trying to use it with curl, I get following error:

#58: not supported file type 'P12' for certificate

So far I've tried updating curl and php-curl. Nothing changed.

My code:

...
curl_setopt($ch, CURLOPT_SSLCERT, 'cert_path');
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'P12');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'my_pass');
...

Funny thing is that this code works on our production environment, while it doesn't work on my local machine (Linux Mint 16).

ex3v
  • 3,518
  • 4
  • 33
  • 55

1 Answers1

37

Found the solution.

Easiest way to do this is to extract .pem key and certificate from .p12 file.

For example (tested on linux):

openssl pkcs12 -in file.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in file.p12 -out file.crt.pem -clcerts -nokeys

Will create key/cert pair in current directory.

Now, to use it:

curl_setopt($ch, CURLOPT_SSLCERT, 'file.crt.pem');
curl_setopt($ch, CURLOPT_SSLKEY, 'file.key.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'pass');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'pass');

Where pass is the password from .p12 file.

ex3v
  • 3,518
  • 4
  • 33
  • 55
  • 2
    This answer is not fully correct. You dont need 2 separate files. Your commands don't create 'pass' on your files, so they will not be encrypted. Just do 1 file with `-clcerts` option. – imclickingmaniac Apr 19 '18 at 17:14
  • @imclickingmaniac Can you note which command you are saying will work? I'm unclear. Are you saying only the 2nd command is needed? Also, what would then change about the curl_setopt settings? I've tried so many combinations with a .p12 file and password but they all give errors on the ca certs and I just end up here. – SteveExdia Jun 23 '21 at 19:28
  • 2
    @SteveExdia If I remember correctly this is what you need: `openssl pkcs12 -in file.p12 -out file.crt.pem -clcerts`. This is dummy code to explain how I do it (more or less) using php: http://sandbox.onlinephpfunctions.com/code/41487980de8fd47316bd8a38a84494e47990024c – imclickingmaniac Jun 25 '21 at 09:44
  • @SteveExdia Here you will find some more information when I had same problems with p12. This is using SOAP, but idea behind this is exact same. https://stackoverflow.com/questions/49918241/curl-soap-request-with-p12-ssl-certificate – imclickingmaniac Jun 25 '21 at 09:50