
I'm attempting to log into a bank's website via PHP/curl (PHP 5.5.3) to download transactions. I'm new to curl, so I'm trying to figure out how to just log in to the site first.

CURRENT CODE:

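// $username, $password, $url and $cookie (cookie jar path) are set earlier.
// Build the form body with both values URL-encoded.
$postinfo = http_build_query(array('username' => $username, 'password' => $password));

$curl = curl_init();
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_NOBODY, false);
curl_setopt($curl, CURLOPT_URL, $url);
// Return the response from curl_exec() instead of echoing it directly.
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// Verify the server's certificate chain and host name.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
// Certificate file used to verify the peer (here: the file exported from the bank's site).
curl_setopt($curl, CURLOPT_CAINFO, getcwd() . '\certificateCA.cer');

// CURLOPT_POST already makes this a POST; CURLOPT_CUSTOMREQUEST is not needed.
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postinfo);

$content = curl_exec($curl);

// Strict comparison: an empty response body is not an error.
if (false === $content) {
    echo curl_error($curl);
}
curl_close($curl);

print $content;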

ISSUE

I'm getting the following error:

"SSL certificate problem: unable to get local issuer certificate"

WHAT I'VE TRIED

So far, I've tried getting the certificate of the remote site per the answer on this SO question. This seems to have helped, because before I was getting a different error ("error setting certificate verify locations"). The certificateCA.cer referenced in my code is the certificate I downloaded from the remote site (the bank), by choosing to export the "Base-64 encoded X.509 (.CER)" option.

As it seems my current issue is related to the local cert not the remote cert, I've tried getting the latest from here: https://curl.haxx.se/ca/cacert.pem per this SO answer.

I added the following lines to my php.ini file and restarted Apache per this SO answer:

curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"

Per this SO response, I also tried changing the file name and the reference to this:

curl.cainfo = "C:\xampp\php\extras\ssl\ssl.txt"
openssl.cafile = "C:\xampp\php\extras\ssl\ssl.txt"

HOW YOU CAN HELP ME

  1. Please help me understand CURLOPT_CAINFO. Is this expecting the certificate of the remote site, or the local machine? It seems that it's looking for the remote site certificate based on the error going away after adding that certificate, but it's not clear from the documentation exactly what it's expecting.
  2. A solution, or even a method by which I can triage this issue and find a resolution myself. It seems like what's worked for others on the linked SO questions isn't working for me, so I'm doing something wrong.
hyphen
  • I'm having a similar problem, and have taken similar steps. Surprising nobody has answered this in over 2 years, but did you ever figure it out? – J23 Oct 19 '16 at 22:15
  • This was only a month ago or so, but I think I ended up setting the VERIFYHOST and/or VERIFYPEER to false. Not ideal, but it got me past that particular issue if I remember correctly. – hyphen Oct 23 '16 at 20:41
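
An added example, not part of the original question or its comments, on what the file behind CURLOPT_CAINFO has to contain: it must hold the CA certificate(s) that issued the server's chain, not the server's own certificate. The script builds a constructed throwaway root and leaf (the names `bank.example`, `Demo Root CA` and the helper functions are assumptions) and shows OpenSSL returning "unable to get local issuer certificate" when the trust file is only the site's certificate.

```bash
#!/bin/sh
# Constructed demo: a throwaway root CA signs a leaf for the placeholder host
# "bank.example". Nothing here contacts a real server.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_chain() {
  # Self-signed root: the kind of certificate a CA bundle such as cacert.pem holds.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$demo_dir/root.key" -out "$demo_dir/root.pem" 2>/dev/null
  # Leaf: the kind of certificate a browser exports from the site itself.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=bank.example" \
    -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/leaf.csr" -days 2 -CA "$demo_dir/root.pem" \
    -CAkey "$demo_dir/root.key" -CAcreateserial -out "$demo_dir/leaf.pem" 2>/dev/null
}

# verify_leaf_with FILE: verify the leaf with FILE as -CAfile (the role
# CURLOPT_CAINFO plays); print "OK" or OpenSSL's failure reason.
verify_leaf_with() {
  out=$(openssl verify -CAfile "$1" "$demo_dir/leaf.pem" 2>&1) || true
  case "$out" in
    *": OK"*) echo "OK" ;;
    *) printf '%s\n' "$out" |
         sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1 ;;
  esac
}

# issued_by_itself FILE: true when subject == issuer, i.e. FILE's first
# certificate is a root rather than a certificate issued by some other CA.
issued_by_itself() {
  s=$(openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//')
  i=$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//')
  [ "$s" = "$i" ]
}

make_chain
echo "CAfile = issuing root   : $(verify_leaf_with "$demo_dir/root.pem")"
echo "CAfile = site's own cert: $(verify_leaf_with "$demo_dir/leaf.pem")"
for f in root.pem leaf.pem; do
  if issued_by_itself "$demo_dir/$f"; then kind="root (usable as trust anchor)"
  else kind="issued by another CA (its issuer must be in the trust file)"; fi
  echo "$f: $kind"
done
```

The same subject/issuer comparison, run against the file actually passed to CURLOPT_CAINFO, tells which of the two kinds of certificate it is.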

0 Answers