I need some assistance rewriting this PHP curl code that uses *.pem (CA cert), Client cert and private key in one file:
curl_setopt($curl, CURLOPT_URL, $this->url);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSLCERT, $this->keystore);
curl_setopt($curl, CURLOPT_CAINFO, $this->keystore);
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $this->keystorepassword);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
So it could use CA certificate, Client Certificate and Private Key in separate files.
As in this command-line example:
curl -d "var1=value1&var2=value2&..." -G -v --key key.pem --cacert ca.pem --cert client.pem:xxxxxx https://www.somesite.com/page
To authenticate with a private key and certificate using curl, you will need to provide the --key and --cert options to your request. The private key must be decrypted in plain text. The provided certificate must contain the corresponding public key.
Curl is as secure as a normal HTTP request.
cURL is a PHP library and command-line tool (similar to wget) that allows you to send and receive files over HTTP and FTP. You can use proxies, pass data over SSL connections, set cookies, and even get files that are protected by a login.
Here is a PHP script with a literal translation of your command line call:
<?php
$data = "var1=value1&var2=value2&...";
$url = "https://www.somesite.com/page";
$keyFile = "key.pem";
$caFile = "ca.pem";
$certFile = "client.pem";
$certPass = "xxxxxx";
// Initialise cURL - the URL is set further down with CURLOPT_URL, once
// $actualUrl has been built
$ch = curl_init();
// The -d option is equivalent to CURLOPT_POSTFIELDS. But...
// PHP's libcurl interface does not implement the -G flag - instead you would
// append $data to $url like this:
$actualUrl = $url.'?'.$data;
curl_setopt($ch, CURLOPT_URL, $actualUrl);
// The -v flag only makes sense at the command line, but it can be enabled
// with CURLOPT_VERBOSE - in this case the information will be written to
// STDERR, or the file specified by CURLOPT_STDERR. I will ignore this for
// now, but if you would like a demonstration let me know.
// The --key option - If your key file has a password, you will need to set
// this with CURLOPT_SSLKEYPASSWD
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);
// The --cacert option
curl_setopt($ch, CURLOPT_CAINFO, $caFile);
// The --cert option
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass);
/*
Now we should get an identical request to the one created by your command
line string, let's have a look at some of the other options you set...
*/
// CURLOPT_HEADER is disabled by default, there's no need for this unless you
// enabled it earlier
//curl_setopt($ch, CURLOPT_HEADER, 0);
// Your command line string forces a GET request with the -G option, are you
// trying to POST or GET?
//curl_setopt($ch, CURLOPT_POST, true);
// We don't need body data with a GET request
//curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
// Since we've gone to all the trouble of supplying CS information, we might
// as well validate it!
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
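The answer's script stops before the request is sent and leaves verification as a commented-out line. The following is an added example, not part of the original answer, that completes the same request with the CA certificate, client certificate and private key in separate files and with server verification switched on; `mtlsGet()` is a hypothetical helper name, and the file names, URL and password are the placeholders from the question.

```php
<?php
// Added example: mutual-TLS GET with separate PEM files and verification on.
// mtlsGet() is a hypothetical name; it is not from the question or the answer.
function mtlsGet(string $url, array $query, string $caFile,
                 string $certFile, string $keyFile, string $keyPass): string
{
    // Fail early with a clear message instead of an opaque libcurl error.
    foreach ([$caFile, $certFile, $keyFile] as $file) {
        if (!is_readable($file)) {
            throw new RuntimeException("Cannot read PEM file: $file");
        }
    }
    $ch = curl_init();
    curl_setopt_array($ch, [
        // -G equivalent: the data goes into the query string, URL-encoded.
        CURLOPT_URL            => $url . '?' . http_build_query($query),
        CURLOPT_RETURNTRANSFER => true,
        // Server authentication: trust only the CA in $caFile and require
        // the certificate name to match the host in $url.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caFile,
        // Client authentication: certificate and key in separate files.
        CURLOPT_SSLCERT        => $certFile,
        CURLOPT_SSLKEY         => $keyFile,
        CURLOPT_SSLKEYPASSWD   => $keyPass,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // Covers handshake failures: untrusted server certificate, host
        // name mismatch, wrong key password, key not matching the cert.
        throw new RuntimeException('cURL error ' . curl_errno($ch) . ': ' . curl_error($ch));
    }
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($status >= 400) {
        throw new RuntimeException("Server returned HTTP $status");
    }
    return $body;
}

// Placeholder values taken from the question.
try {
    echo mtlsGet('https://www.somesite.com/page',
        ['var1' => 'value1', 'var2' => 'value2'],
        'ca.pem', 'client.pem', 'key.pem', 'xxxxxx');
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
    exit(1);
}
```

With `CURLOPT_SSL_VERIFYPEER` left at `true`, a server certificate that does not chain to `ca.pem` makes `curl_exec()` return `false`, so the failure surfaces as an exception rather than a silently accepted connection.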