I'm developing a PHP client to interact with the Nominet EPP server, and as I found on their website: http://registrars.nominet.uk/namespace/uk/registration-and-domain-management/registrar-systems/epp/registration

I need to use a "Verisign Class 3 Public Primary Certification Authority" root certificate. I found one here (Verisign was bought by Symantec): https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&id=SO5624&actp=LIST&viewlocale=en_US

When I use it in my PHP code:

//$context = stream_context_create(array($this->protocol => $options));
$context = stream_context_create();
stream_context_set_option($context, $this->protocol, 'local_cert', __DIR__ . '/../../certificates/'.$this->certificate_path);

$errno = false;
$errstr = false;
$this->socket = stream_socket_client($this->protocol.'://'.$this->hostname.':'.$this->port, $errno, $errstr, 5 , STREAM_CLIENT_CONNECT, $context);

Everything is ok: path of certificate, port, hostname ... And I get:

"stream_socket_client(): Unable to set private key file ..."

I know I need a private key, but on the Symantec website they don't give a private key.

Does anyone have any idea?

Thanks so much,

Hassan,

Patrick Mevzek

1 Answer

You are not using the right context option. This option is to define your certificate. What you want is to use the certificate you found to authenticate the peer server, to make sure you are really talking to the right one.

As stated by this:

In order to verify the identity of the secure server you will need the 'Verisign Class 3 Public Primary Certification Authority' root certificate available free from www.verisign.com (the certificate is also distributed with most web browsers).

On PHP Doc:

local_cert

string Path to local certificate file on filesystem. It must be a PEM encoded file which contains your certificate and private key.

But what you want is this:

cafile

Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.

Salketer
  • Thanks Salketer for your reply, I changed it and I get "stream_socket_client(): Failed to enable crypto" –  Sep 20 '17 at 09:18
  • Googling the error, it seems that people resolve it by adding the curl module... I'd double check that first. – Salketer Sep 20 '17 at 11:25
  • What do you mean by adding the curl module? Did you mean sending a curl request instead of "stream_socket_client"? –  Sep 21 '17 at 09:04
  • No, it's already done, I used it in some tasks in the same project –  Sep 21 '17 at 09:33
  • Then I guess, if you searched enough already, it is time for another question for this debug. – Salketer Sep 21 '17 at 09:36
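
The change the answer describes, as an added example that is not part of the original posts or of Nominet's documentation: the root certificate goes in `cafile` with peer verification on, and a failed handshake reports every warning PHP raised rather than only the last one. The function names are hypothetical, and host, port and CA path are supplied by the caller.

```php
<?php
// Added example. Host, port and CA path are passed in by the caller; none come from the page.

/** Build a TLS client context that verifies the server against one root CA file. */
function buildVerifyingContext(string $caFile, string $peerName)
{
    $pem = @file_get_contents($caFile);
    if ($pem === false || @openssl_x509_read($pem) === false) {
        throw new RuntimeException("Not a readable PEM certificate: $caFile");
    }
    // A trust anchor is public. A private key belongs in local_cert/local_pk instead.
    if (strpos($pem, 'PRIVATE KEY-----') !== false) {
        throw new RuntimeException("CA file must not contain a private key: $caFile");
    }
    // ssl:// and tls:// transports both read their options from the 'ssl' key.
    return stream_context_create(['ssl' => [
        'cafile'            => $caFile,    // root used to verify the server's chain
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'peer_name'         => $peerName,  // name the server certificate must match
        'capture_peer_cert' => true,
    ]]);
}

/** Connect and return [socket, server certificate CN]; throw with every warning on failure. */
function connectVerified(string $host, int $port, string $caFile): array
{
    $context  = buildVerifyingContext($caFile, $host);
    $warnings = [];
    // PHP reports the underlying OpenSSL reason as warnings, so collect them.
    set_error_handler(function ($no, $msg) use (&$warnings) { $warnings[] = $msg; return true; });
    $socket = stream_socket_client("tls://$host:$port", $errno, $errstr, 5,
        STREAM_CLIENT_CONNECT, $context);
    restore_error_handler();
    if ($socket === false) {
        throw new RuntimeException("TLS connect failed ($errno $errstr): " . implode(' | ', $warnings));
    }
    $peer = stream_context_get_params($socket)['options']['ssl']['peer_certificate'];
    return [$socket, openssl_x509_parse($peer)['subject']['CN'] ?? null];
}

// Usage from the CLI: php connect.php <host> <port> <ca.pem>
if (PHP_SAPI === 'cli' && isset($argv[3])) {
    [$socket, $cn] = connectVerified($argv[1], (int) $argv[2], $argv[3]);
    echo "Verified server certificate CN: $cn\n";
    fclose($socket);
}
```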