Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL Certificate with PHP CURL

Tags:

php

curl

xml

ssl

I'm using curl to send an xml file over https to the rightmove API - they supplied me with all the certificates.

I am getting the error :

60SSL certificate problem: unable to get local issuer certificateResult =

I have tried everything i have found on every other stackoverflow post similar and nothing is working, i have tried downloading the old cacert.pem and changed the files in php.ini - ive installed my personal information file andcreated a certificate on the browser and local machine and nothing is removing the error 60.

This is my PHP :

<?php
  $xml = file_get_contents("myxml.xml");

  $ch = curl_init();

  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__).'\mypem.pem');

  curl_setopt($ch, CURLOPT_URL, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
  curl_setopt($ch, CURLOPT_HEADER, 0);
  curl_setopt($ch, CURLOPT_POST, 1);

  curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  curl_setopt($ch, CURLOPT_REFERER, 'https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails');
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt ($ch, CURLOPT_VERBOSE , 1);

  $ch_result = curl_exec($ch);
print curl_errno($ch);
print curl_error($ch);
  echo "Result = ".$ch_result;
  curl_close($ch);

?>

this has had me banging my head for days, i would be very grateful for any assistance.

like image 719
Gaz Smith Avatar asked Mar 21 '16 13:03

Gaz Smith


People also ask

How disable SSL cURL PHP?

To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.

Can I use cURL in PHP?

cURL is a PHP extension that allows you to use the URL syntax to receive and submit data. cURL makes it simple to connect between various websites and domains.

Is PHP cURL secure?

Curl is as secure as a normal HTTP request.


2 Answers

For my particular case i needed to add the keyfile, sslcert and cert password.

   //$xml = file_get_contents("thexmlfile.xml");
  $xml= $propertyXml->asXML();
  $ch = curl_init();

    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CAINFO, getcwd() . '\pemfile.pem');

  curl_setopt($ch, CURLOPT_URL, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
  curl_setopt($ch, CURLOPT_HEADER, 0);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_SSH_PRIVATE_KEYFILE, getcwd() . '\myjks.jks');
  curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '\pemfile.pem');
  curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "thesslpassword");
  curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  curl_setopt($ch, CURLOPT_REFERER, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt ($ch, CURLOPT_VERBOSE , 1);

 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

  $ch_result = curl_exec($ch);
print curl_errno($ch);
print curl_error($ch);
  echo "Result = ".$ch_result;
  curl_close($ch);
like image 76
Gaz Smith Avatar answered Oct 30 '22 03:10

Gaz Smith


It is failing as curl is unable to verify the certificate provided by the server.

There are two options to get this to work:

1 Allows curl to make insecure connections, that is curl does not verify the certificate.

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

2 Add the root CA (the CA signing the server certificate) in php.ini

curl.cainfo=/path/to/cacert.pem

You should use option 2 as thats the option that ensures that you are connecting to secure ftp server.

like image 29
walkingRed Avatar answered Oct 30 '22 02:10

walkingRed