SSL certificate issuance cannot receive local issuer certificate

I am trying to send data to the payment gateway API. It demanded that the data be sent in XML format. I have the following code:

    <?php
    $requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();
    $amount = 100; // $block->totalOrderAmount()*100;
    $approveUrl = $block->approveUrl();
    $cancelUrl = $block->cancelUrl();
    $declineUrl = $block->declineUrl();
    $merchant = 'mydomain.com';
    //$amount = '100'; // in cents. 1$ = 100cents.
    $currency = '840'; // for dollar
    $description = 'Happy customers is what we make.';
    $merchantId = 'Nobel106513';
    ?>
    <?php
    echo $requestUrl;
    $xml_data = '<TKKPG>
      <Request>
        <Operation>CreateOrder</Operation>
        <Language>EN</Language>
        <Order>
          <OrderType>Purchase</OrderType>
          <Merchant>'.$merchantId.'</Merchant>
          <Amount>'.$amount.'</Amount>
          <Currency>'.$currency.'</Currency>
          <Description>'.$description.'</Description>
          <ApproveURL>'.$approveUrl.'</ApproveURL>
          <CancelURL>'.$cancelUrl.'</CancelURL>
          <DeclineURL>'.$declineUrl.'</DeclineURL>
        </Order>
      </Request>
    </TKKPG>';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $requestUrl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data); //My post data
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
    curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
    curl_setopt($ch, CURLOPT_CERTINFO, 1);

    $headers = [];
    array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
    //array_push($headers, 'SoapAction: *');
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $content = trim(curl_exec($ch));

    var_dump($content);
    var_dump(curl_getinfo($ch));
    var_dump(curl_errno($ch));
    var_dump(curl_error($ch));

    curl_close($ch);

  • Output of var_dump($content); : empty, ''
  • Output of var_dump(curl_getinfo($ch)); :

    array (size = 26)
    'url' => string 'https://api.given.bypg'
    'content_type' => null
    'http_code' => int 0
    'header_size' => int 0
    'request_size' => int 0
    'filetime' => int -1
    'ssl_verify_result' => int 1
    'redirect_count' => int 0
    'total_time' => float 0.488533
    'namelookup_time' => float 0.028558
    'connect_time' => float 0.256858
    'pretransfer_time' => float 0
    'size_upload' => float 0
    'size_download' => float 0
    'speed_download' => float 0
    'speed_upload' => float 0
    'download_content_length' => float -1
    'upload_content_length' => float -1
    'starttransfer_time' => float 0
    'redirect_time' => float 0
    'redirect_url' => string '' (length = 0)
    'primary_ip' => string '91.227.244.57' (length = 13)
    'certinfo' =>
      array (size = 0)
        empty
    'primary_port' => int 8444
    'local_ip' => string '192.168.100.64' (length = 14)
    'local_port' => int 53456

  • Output of var_dump(curl_errno($ch)); : int 60

  • Output of var_dump(curl_error($ch)); :

    string 'SSL certificate problem: unable to get local issuer certificate' (length = 63)

It seems that the API does not return any data, as shown in curl_getinfo(). Please help me, I have seen almost all the solutions offered in the communities.

I edited the php.ini file to indicate the path to the certificate downloaded from the curl site. But that did not work.

+5
source share
2 answers

I got support from my API providers, who pointed out something missing from my approach. For their gateway, I needed to download a private key, a public key and a password that protects these keys in a curl request. The solution is as follows:

    <?php
    // $requestUrl and $xml_data are built as in the question above.

    /*ssl crts*/
    $twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
    $twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
    $twpg_key_password = '';
    /*ssl crts*/

    $nl = PHP_EOL; // line separator for the debug output below

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $requestUrl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60000); // note: this option is in seconds
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data); //My post data
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    // Client certificate and key presented to the gateway
    curl_setopt($ch, CURLOPT_SSLCERT, $twpg_cert_file);
    curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
    curl_setopt($ch, CURLOPT_CERTINFO, 1);

    $headers = [];
    array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $content = trim(curl_exec($ch));

    echo $nl.'response of server: ';
    var_dump($content);
    echo $nl.$nl.'curl info: ';
    var_dump(curl_getinfo($ch));
    echo $nl.$nl.'curl error number: ';
    var_dump(curl_errno($ch));
    echo $nl.$nl.'curl error info: ';
    var_dump(curl_error($ch));

    curl_close($ch);

Now everything works as expected.

0
source

When you connect to a server to establish a secure connection, you as a client receive a server certificate at the beginning of the conversation with it. This certificate and its private key are used to establish a secure connection. The client wants to make sure that the server certificate is trusted and was not created by some man-in-the-middle attacker. Therefore, your client must have the CA certificate that signed the server certificate. The above error means that the client tried to find the issuer of the server certificate (or one of the issuers in the chain) and did not find it. The location where it is looking is the specified file /etc/apache2/ssl/m4/mydomain.com.crt. You have two options: either add the CA certificate to the file, or disable server certificate verification (not secure) by setting CURLOPT_SSL_VERIFYPEER to false.

+1
source
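
The two answers above concern different files: the CA file that the client uses to verify the server, and the certificate/key pair that the client presents to the gateway. The following is an added example, not code from the original posts; the function names `diagnoseTlsFiles` and `applyMutualTls` are hypothetical, the paths are supplied by the caller, and the CA:TRUE check is a heuristic.

```php
<?php
// Added example; file paths are placeholders supplied by the caller.

/** Return a list of problems with the TLS files; an empty list means none were found. */
function diagnoseTlsFiles(string $caBundle, string $clientCert, string $clientKey, string $keyPass): array
{
    $problems = [];
    foreach (['CA bundle' => $caBundle, 'client cert' => $clientCert, 'client key' => $clientKey] as $label => $path) {
        if (!is_file($path) || !is_readable($path)) {
            $problems[] = "$label is not a readable file: $path";
        }
    }
    if ($problems) {
        return $problems;
    }
    // Heuristic: a usable CURLOPT_CAINFO file holds at least one certificate marked CA:TRUE.
    // A site's own leaf certificate (CA:FALSE) cannot vouch for another server's chain.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', file_get_contents($caBundle), $m);
    $hasCa = false;
    foreach ($m[0] as $pem) {
        $info = openssl_x509_parse($pem);
        $bc = $info['extensions']['basicConstraints'] ?? '';
        $hasCa = $hasCa || strpos($bc, 'CA:TRUE') !== false;
    }
    if (!$hasCa) {
        $problems[] = 'CA bundle contains no certificate marked CA:TRUE';
    }
    // The client certificate and key must form a pair, and the password must unlock the key.
    $key = openssl_pkey_get_private(file_get_contents($clientKey), $keyPass);
    if ($key === false) {
        $problems[] = 'client key cannot be loaded (wrong password or not PEM)';
    } elseif (!openssl_x509_check_private_key(file_get_contents($clientCert), $key)) {
        $problems[] = 'client key does not match client certificate';
    }
    return $problems;
}

/** Apply verification and client-certificate options to a cURL handle. */
function applyMutualTls($ch, string $caBundle, string $clientCert, string $clientKey, string $keyPass): void
{
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER => true,         // keep server verification on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caBundle,    // who the client trusts
        CURLOPT_SSLCERT        => $clientCert,  // who the client claims to be
        CURLOPT_SSLKEY         => $clientKey,
        CURLOPT_SSLKEYPASSWD   => $keyPass,
    ]);
}
```

Call `diagnoseTlsFiles()` before `curl_exec()` and log the returned list; if it is empty and errno 60 still appears, the issuer of the gateway's certificate is missing from the CA bundle.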

Source: https://habr.com/ru/post/1274627/

