I'm trying to collect some data using Curl
, connecting to service that some external company provided. They, in addition to address itself, sent me p12
certificate file that is required to estabilish connection.
When I'm trying to use it with curl
, I get following error:
#58: not supported file type 'P12' for certificate
So far I've tried updating curl and php-curl. Nothing changed.
My code:
...
curl_setopt($ch, CURLOPT_SSLCERT, 'cert_path');
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'P12');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'my_pass');
...
Funny thing is that this code works on our production environment, while it doesn't work on my local machine (Linux Mint 16).
(TLS) Tells curl what type the provided client certificate is using. PEM, DER, ENG and P12 are recognized types. If not specified, PEM is assumed. If this option is used several times, the last one will be used.
Make a request from Curl using mutual TLS The CA root certificate will be used to verify that the client can trust the certificate presented by the server. Pass your certificate, private key, and root CA certificate to curl to authenticate your request over TLS.
The error you have encountered claims your certificate is self-signed, so it's non-trusted by default. That's why you are getting the OpenSSL warning. To solve this, you'll need to install it as a trusted server. If it's signed by a non-trusted CA, you'll have to install that CA's certificate as well.
Found the solution.
Easiest way to do this is to extract .pem
key and certificate from .p12
file.
For example (tested on linux
):
openssl pkcs12 -in file.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in file.p12 -out file.crt.pem -clcerts -nokeys
Will create key/cert pair in current directory.
Now, to use it:
curl_setopt($ch, CURLOPT_SSLCERT, 'file.crt.pem');
curl_setopt($ch, CURLOPT_SSLKEY, 'file.key.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'pass');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'pass');
Where pass
is the password from .p12
file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With