
I'm trying to send a GET request using PHP curl by passing a certificate

```php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_POST, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
$pemFile = tmpfile();
fwrite($pemFile, "demo-cert.p12");//the path for the pem file
$tempPemPath = stream_get_meta_data($pemFile);
$tempPemPath = $tempPemPath['uri'];
curl_setopt($ch, CURLOPT_SSLCERT, $tempPemPath);
$result = curl_exec($ch);
if(!$result)
{
    echo "Curl Error: " . curl_error($ch);
}
else
{
    echo "Success: ". $result;
}
```

But I don't know how to pass the "password", so I get this error:

```
Curl Error: could not load PEM client certificate, OpenSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)
```

[update]

Changed demo-cert.p12 to demo-cert.pem, which exists with the PHP file, but I'm still getting the same issue because no password is sent. The certificate folder contains 2 other files: demo-combined.pem and demo-key.pem, but first I need to send the password.

[update2]

```php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_POST, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSLCERT, 'demo-key.pem');
curl_setopt($ch, CURLOPT_SSLKEY, 'demo-cert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'pass');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'pass');
```

These files are stored with the PHP file in the same directory. I'm still getting the same error.

[update 3]

How to edit the code to send the server certificate as well?

```
curl --show-error --verbose --cacert server-cert.pem --cert cert2.pem
```

```php
curl_setopt($ch, CURLOPT_SSLCERT, 'demo-cert.pem');
curl_setopt($ch, CURLOPT_SSLKEY, 'demo-key.pem');
```

The result is:

Success: SOAP-ENV:ClientData required for operation

Not returning XML data as it did while opening the same URL in the browser. Anything wrong yet?

PHP User
  • Well it seems you write the string `"demo-cert.p12"` to the pem file and not the content of the p12-file. I think you have to convert your p12-certificate to a real pem certificate. You can check out this stackoverflow-question to see how this is done: https://stackoverflow.com/questions/24363317/curl-cannot-connect-using-p12-certificate - you can also opt to strip away the password, but if you want to use a password you can use the curl option `CURLOPT_KEYPASSWD`. – vstm Jun 14 '18 at 12:15
  • updated. replaced demo-cert.p12 with demo-cert.pem – PHP User Jun 14 '18 at 12:21
  • Code updated again – PHP User Jun 14 '18 at 12:28
  • How do the pem files look? Do they have a header like `-----BEGIN CERTIFICATE-----`? – vstm Jun 14 '18 at 12:30
  • Some data at the beginning like version, serial and other information then -----BEGIN CERTIFICATE----- – PHP User Jun 14 '18 at 12:32
  • The file should start with the "BEGIN CERTIFICATE" stuff. Just remove it so that begin certificate is at the start. Oh and btw you mixed up `CURLOPT_SSLCERT` and `CURLOPT_SSLKEY`. You supply the certificate to the SSLKEY option and vice versa. – vstm Jun 14 '18 at 12:34
  • And to be precise, this also is true for the private key, it should start with the --- stuff first – vstm Jun 14 '18 at 12:35
  • Exchanged file names and getting success, but not getting the data I get if I open the URL via the browser. So both results are different – PHP User Jun 14 '18 at 12:54
  • Success: SOAP-ENV:ClientData required for operation – PHP User Jun 14 '18 at 12:57
  • how to send server certificate as well along with client certificate? curl --show-error --verbose --cacert server-cert.pem --cert cert2.pem – PHP User Jun 14 '18 at 13:36

2 Answers

First, changed "CURLOPT_POST" from True to False. Second, exchanged the "CURLOPT_SSLCERT" value with the "CURLOPT_SSLKEY" value to send the correct certificate and key file names. Thanks to @vstm, and now I get the correct result.

Thank you all.

PHP User

Since you are using the filename, try an absolute path. You don't need both the key and cert to be converted to PEM. Just use the single .PEM file that has both the certificate and key.

e.g.

```php
curl_setopt($ch, CURLOPT_SSLCERT, 'c:/wamp64/www/bit-tool/www/testcert.pem');
```
Rickyras
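
The setup this thread converges on, written out as an added example that is not part of any post above: it checks that each file really holds the PEM block its option expects, then builds a GET handle with the client certificate, key and passphrase while keeping server verification on through `CURLOPT_CAINFO`, the PHP counterpart of `curl --cacert`. The helper names `pemLabels` and `mtlsGetHandle`, the URL and the sample file bodies are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the posts above. File names and URL are placeholders.
/** Labels of every PEM block in a file, e.g. ["CERTIFICATE", "RSA PRIVATE KEY"]. */
function pemLabels(string $path): array
{
    $data = @file_get_contents($path);
    // A missing file, a binary .p12, or a file holding only a file name yields [].
    if ($data === false || !preg_match_all('/^-----BEGIN ([A-Z0-9 ]+)-----/m', $data, $m)) {
        return [];
    }
    return $m[1];
}

function mtlsGetHandle(string $url, string $cert, string $key, string $keyPass, string $ca)
{
    // Catch a swapped or mis-converted file before curl fails to load it.
    if (!in_array('CERTIFICATE', pemLabels($cert), true)) {
        throw new InvalidArgumentException("$cert holds no PEM certificate");
    }
    if (!preg_grep('/PRIVATE KEY$/', pemLabels($key))) {
        throw new InvalidArgumentException("$key holds no PEM private key");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_HTTPGET        => true,     // GET rather than CURLOPT_POST
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSLCERT        => $cert,    // client certificate (curl --cert)
        CURLOPT_SSLKEY         => $key,     // client private key
        CURLOPT_KEYPASSWD      => $keyPass, // passphrase protecting the key
        CURLOPT_CAINFO         => $ca,      // CA bundle for the server (curl --cacert)
        CURLOPT_SSL_VERIFYPEER => true,     // verify the server certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,        // and that it matches the host name
    ]);
    return $ch;
}

// Constructed sample files (placeholder bodies, not real key material).
$dir  = sys_get_temp_dir();
$cert = "$dir/demo-cert.pem";
$key  = "$dir/demo-key.pem";
file_put_contents($cert, "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n");
file_put_contents($key, "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n");
try {
    mtlsGetHandle('https://service.example/', $key, $cert, 'pass', $cert); // swapped
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
$ch = mtlsGetHandle('https://service.example/', $cert, $key, 'pass', $cert);
echo 'Handle built; curl_exec($ch) would send the request', PHP_EOL;
```

A combined PEM file that holds both the certificate and the key passes both checks, so the same path can be given for `$cert` and `$key`.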