Using curl in php with client certificate and private key in separate files

I need help rewriting this PHP code which uses *.pem ( CA cert ), Client cert and private key in one file:

 curl_setopt($curl, CURLOPT_URL, $this->url); curl_setopt($curl, CURLOPT_HEADER, 0); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($curl, CURLOPT_SSLCERT, $this->keystore); curl_setopt($curl, CURLOPT_CAINFO, $this->keystore); curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $this->keystorepassword); curl_setopt($curl, CURLOPT_POSTFIELDS, $post); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 

Thus, it can use CA certificate Client Certificate and Private Key in separate files.

Like in this command line example:

curl -d "var1=value1&var2=value2&..." -G -v --key key.pem --cacert ca.pem --cert client.pem:xxxxxx https://www.somesite.com/page

+10
source share
1 answer

Here is a PHP script with a literal translation of your command line call:

 <?php $data = "var1=value1&var2=value2&..."; $url = "https://www.somesite.com/page"; $keyFile = "key.pem"; $caFile = "ca.pem"; $certFile = "client.pem"; $certPass = "xxxxxx"; // Initialise cURL $ch = curl_init($actualUrl); // The -d option is equivalent to CURLOPT_POSTFIELDS. But... // PHP libcurl interface does not implement the -G flag - instead you would // append $data to $url like this: $actualUrl = $url.'?'.$data; curl_setopt($ch, CURLOPT_URL, $actualUrl); // The -v flag only makes sense at the command line, but it can be enabled // with CURLOPT_VERBOSE - in this case the information will be written to // STDERR, or the file specified by CURLOPT_STDERR. I will ignore this for // now, but if you would like a demonstration let me know. // The --key option - If your key file has a password, you will need to set // this with CURLOPT_SSLKEYPASSWD curl_setopt($ch, CURLOPT_SSLKEY, $keyFile); // The --cacert option curl_setopt($ch, CURLOPT_CAINFO, $caFile); // The --cert option curl_setopt($ch, CURLOPT_SSLCERT, $certFile); curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass); /* Now we should get an identical request to the one created by your command line string, let have a look at some of the other options you set... */ // CURLOPT_HEADER is disabled by default, there no need for this unless you // enabled it earlier //curl_setopt($ch, CURLOPT_HEADER, 0); // Your command line string forces a GET request with the -G option, are you // trying to POST or GET? //curl_setopt($ch, CURLOPT_POST, true); // We don't need body data with a GET request //curl_setopt($ch, CURLOPT_POSTFIELDS, $post); // Since we've gone to all the trouble of supplying CS information, we might // as well validate it! //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
+23
source

Source: https://habr.com/ru/post/919567/


All Articles