
I'm working on a payment system integration for a website. For now I'm testing on a local computer with XAMPP. I submitted a .csr file to the bank server, and they provided me the .crt file. I have a .key file too.

When I try to submit the certificate and some value to the bank server, including the certificate file path (.crt) and the .key file, it throws the error:

Curl Error : error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

My code is:

    $twpg_gateway_url = '<bankurl>';
    $twpg_cert_file = getcwd().'<.crtfile with path>';
    $twpg_key_file = getcwd().'<.keyfile with path>';
    $twpg_key_password = '';
    $curl = curl_init();

    $options = array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER => false,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_POST => true,
        CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
        //CURLOPT_VERBOSE        => true,
        CURLOPT_URL => $twpg_gateway_url . '/Exec',
        CURLOPT_POSTFIELDS => $request,
        CURLOPT_HTTPHEADER => array('Content-Type: text/xml'),
        CURLOPT_TIMEOUT => 30
    );

    if ($twpg_cert_file != '') {
        $options[CURLOPT_SSLCERT] = $twpg_cert_file;
        $options[CURLOPT_SSLKEY] = $twpg_key_file;
        $options[CURLOPT_SSLKEYPASSWD] = $twpg_key_password;
    }

    curl_setopt_array($curl, $options);

    $response = curl_exec($curl);
    if(!$response)
    {
        echo "Curl Error : " . curl_error($curl);
    }
    curl_close($curl);

    return $response;
Shawn Northrop
sushan shrestha
  • Are you adding the directory separator after the `getcwd`? file permissions? - what is the error you're getting? – Julian Camilleri Nov 13 '17 at 14:26
  • @belthazorNv I wasn't, thank you for addressing that. I have done that now, but now it throws: Curl Error : error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca .... Do you know what might cause this? – sushan shrestha Nov 13 '17 at 14:45
  • You need to specify a CA to use for path validation. Where are you adding the CA to root trust? Did you omit some code or are you not doing it? Also see [HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK](https://stackoverflow.com/q/6400300/608639) – jww Nov 13 '17 at 19:15
  • Some of these options look dangerous, like [`CURLOPT_SSL_VERIFYHOST => false`](https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html). Are you sure you should be using them in an application that handles financial data? I doubt it will pass a PCI audit. – jww Nov 13 '17 at 19:38
  • Also add error checking to your setopt calls! setopt and setopt_array return bool(false) if there was a problem setting your options, which your code completely ignores! (Add a check with a runtime exception.) – hanshenrik Nov 13 '17 at 19:53
  • @jww That's what I don't understand. I'm new to this SSL thing and I don't understand what a CA is. Is it something I need to store in the project file, or is it the one that is downloaded from the cURL website? – sushan shrestha Nov 15 '17 at 04:02
  • I'm getting the same error using the same method for a p12 file, and searches I do for the error just drop me into StackOverflow. It's like dead ends unless I become an expert at OpenSSL, PHP cURL, and PKCS#12. – SteveExdia Jun 23 '21 at 19:34
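
The points raised in the comments (keep peer and host verification on, name a CA file, check the result of `curl_setopt_array`), together with a pre-flight check of the client certificate, as an added example that is not the poster's code or the bank's. The function names, the file paths passed in and the CA bundle location are assumptions.

```php
<?php
// Added example; function names, paths and the CA bundle location are assumptions.

// Pre-flight: the key must match the certificate; report who issued the certificate.
function twpg_check_client_cert(string $certFile, string $keyFile, string $keyPassword = ''): array
{
    $cert = openssl_x509_read((string) file_get_contents($certFile));
    $key = openssl_pkey_get_private((string) file_get_contents($keyFile), $keyPassword);
    if ($cert === false || $key === false) {
        throw new RuntimeException('Cannot load certificate or key: ' . openssl_error_string());
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not match the certificate');
    }
    $info = openssl_x509_parse($cert);
    return ['subject' => $info['subject'], 'issuer' => $info['issuer'],
            'not_after' => date('c', $info['validTo_time_t'])];
}

// POST the XML with server verification on and every setopt result checked.
function twpg_post(string $url, string $xml, string $certFile, string $keyFile,
                   string $caFile, string $keyPassword = ''): string
{
    $curl = curl_init();
    $ok = curl_setopt_array($curl, [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $xml,
        CURLOPT_HTTPHEADER     => ['Content-Type: text/xml'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_SSL_VERIFYPEER => true,     // validate the server's chain
        CURLOPT_SSL_VERIFYHOST => 2,        // and that the name matches the URL
        CURLOPT_CAINFO         => $caFile,  // CA bundle used for that validation
        CURLOPT_SSLCERT        => $certFile,
        CURLOPT_SSLKEY         => $keyFile,
        CURLOPT_SSLKEYPASSWD   => $keyPassword,
    ]);
    if (!$ok) {
        throw new RuntimeException('curl_setopt_array failed: ' . curl_error($curl));
    }
    $response = curl_exec($curl);
    $error = curl_error($curl);
    curl_close($curl);
    if ($response === false) {
        throw new RuntimeException('Curl Error : ' . $error);
    }
    return $response;
}
```

Calling `twpg_check_client_cert()` before the request shows the issuer of the `.crt` file, which can then be compared with the CA the receiving server is configured to accept for client certificates.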

0 Answers