CodeIgniter-cURL on self assign certificate

Question

Im using codeigniter-curl extension (https://github.com/philsturgeon/codeigniter-curl) to call API that return Json format data.

a simple code it will return the result etc

$this->curl->simple_get(http://example.com/Json/GetHotDealRedemptionProduct?APIid=888ef4d078ca&Language=en&hash=3709aa6e0efe3c95e955a1981118027a2fde0eddc216b4049e6559af55f50458);

everything seem ok until the URL changed to HTTPS.

In order to call SSL url (self signed certificate), i added these few line above my $this->curl->simple_get.... code.

$this->curl->create($this->url);
$this->curl->ssl(true, 2, 'assets/AIMS-BSN-WEB01.crt');

the cacert.pem i saved from the firefox certificate viewer and place it in my web directory. reference: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

and i get this error.

error code: 60
SSL certificate problem: unable to get local issuer certificate

i've searched the answer for a day long,

changed the php.ini setting Amazon S3 on wamp localhost SSL error
put false for CURLOPT_SSL_VERIFYPEER. it return SSL: certificate subject name 'AIMS-BSN-WEB01' does not match target host name 'api.example.com'

all these are not working.

yes. in the $this->curl->ssl function it will turn it into realpath "C:/wamp/www/assets/cacert.pem" — Bravo Net, Aug 13 '15 at 09:07
sorry because is self signed certification the name should be AIMS-BSN-WEB01.crt instead of cacert.pem — Bravo Net, Aug 13 '15 at 09:20

score 1 · Answer 1 · edited May 23 '17 at 11:44

1

ok. i manage to solved it by skipping to verify the peer or host of the certification - PHP CURL CURLOPT_SSL_VERIFYPEER ignored

and instead of putting FALSE in CURLOPT_SSL_VERIFYPEER i use 0.

$this->option(CURLOPT_SSL_VERIFYPEER, 0);
$this->option(CURLOPT_SSL_VERIFYHOST, 0);

now it works.

edited May 23 '17 at 11:44

Community

1
1

answered Aug 13 '15 at 09:41

Bravo Net

805
5
17
30

Horrible choice... You just defeated the point of SSL/TLS. You might as well use ***`aNULL`*** and ***`eNULL`***; or just use plain text. – jww Jan 03 '16 at 15:35
1

@jww. Why don't you give a solution rather than just downvote him? I'm here looking for a solution to get verify_peer to work the way it should and can't find a working answer. – Altimus Prime Jun 17 '17 at 13:09
@AuntJamaima - Downvoting a bad answer and providing a good answer are orthogonal. It seems to me the system [mostly] worked as intended. You avoided a bad answer. Also see [The most dangerous code in the world: validating SSL certificates in non-browser software](http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html). – jww Jun 17 '17 at 13:17
@AuntJamaima - Also see [CURL SSL with self signed certificate](https://stackoverflow.com/q/27611193/608639) and [Curl error 60, SSL certificate prðblem: self signed certificate in certificate chain](https://stackoverflow.com/a/23585500/608639) – jww Jun 17 '17 at 13:31

CodeIgniter-cURL on self assign certificate

1 Answers1