curl-and-php
Re: SSL POST w Client Certificate
Date: Mon, 14 Jul 2003 10:04:44 +0100
Hi Nelson,
I *think* I have done the same as you need to do using this code - I was supplied a CA cert and a private cert by a third party - the private cert was used to verify my server to theirs.
I think you are missing CURLOPT_SSLCERTPASSWD, this is used to supply your password to the cert specified by CURLOPT_SSLCERT (I assume you converted that to PEM using openssl - the password you should supply is the one you entered when doing the conversion)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLCERT, $private_cert);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $private_cert_password);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_CAINFO, $ca_cert);
HTH,
Kevin
----- Original Message -----
From: Nelson Ricardo Gomes
To: 'curl-and-php_at_lists.sourceforge.net'
Sent: Friday, July 11, 2003 10:18 AM
Subject: SSL POST w Client Certificate
A small introduction to the topic,
I need to perform a HTTPS POST to a certain site. Nothing new!
But I'm required to do it with a client certificate.
(I'm also doing it through a proxy! But works fine.)
Let's take a look at the code:
if ($ch = curl_init()) {
    if ( ( curl_setopt($ch, CURLOPT_URL, POST_URL))
       &&(curl_setopt($ch, CURLOPT_HEADER, 0))
       &&(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0))
       &&(curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0))
       &&(curl_setopt($ch, CURLOPT_CAINFO, 'C:/ca.pem'))
       &&(curl_setopt($ch, CURLOPT_SSLCERT, 'C:/c.pem'))
       &&(curl_setopt($ch, CURLOPT_SSLVERSION, 3))
       &&(curl_setopt($ch, CURLOPT_POSTFIELDS, $param))
       ) {
        if (CC_PROXY)
            curl_setopt($ch, CURLOPT_PROXY, CC_PROXY);
        if (CC_PROXY_USER)
            curl_setopt($ch, CURLOPT_PROXYUSERPWD, CC_PROXY_USER);
        echo htmlentities(curl_exec ($ch));
    }
    curl_close($ch);
}
And this code works, but the server doesn't recognize the client cert. In the past I programmed SSL with openssl, and I got the idea that I have to pass a third file, the private key, to do this. How can I pass it with curl and php? (I believe curl makes it available).
The cert is public (for testing and is in pkcs12 format, and I have converted it to pem, as I have done before).
Comments anyone?
Nelson Gomes
Security Developer & Electronic Payments
.......................................................................................
Novabase
Av. Engº Duarte Pacheco, 15F , 1070-100 Lisboa - Portugal
Tel. (+351) 213 836 300 . Fax (+351) 213 836 301
nelson.gomes_at_novabase.pt
www.novabase.pt
<<tpa1266.pfx>>
Received on 2003-07-14
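
The question in the thread (how to hand curl the private key after converting the PKCS#12 file to PEM) together with the verification options from the reply, as an added example that is not code from either poster. It assumes PHP with the openssl and curl extensions; the function names, paths, URL and passphrase are hypothetical placeholders.

```php
<?php
// Added example. Paths, URL and passphrase are placeholders; both function
// names are hypothetical.

// Split a PKCS#12 bundle into a PEM certificate file and a PEM key file.
function pkcs12_to_pem(string $p12Path, string $pass, string $outDir): array
{
    $bundle = [];
    if (!openssl_pkcs12_read(file_get_contents($p12Path), $bundle, $pass)) {
        throw new RuntimeException('PKCS#12 read failed: ' . openssl_error_string());
    }
    $certPath = "$outDir/client-cert.pem";
    $keyPath  = "$outDir/client-key.pem";
    file_put_contents($certPath, $bundle['cert']);
    // Re-encrypt the key with the passphrase so it is not stored in clear text.
    if (!openssl_pkey_export_to_file($bundle['pkey'], $keyPath, $pass)) {
        throw new RuntimeException('Key export failed: ' . openssl_error_string());
    }
    chmod($keyPath, 0600);
    return [$certPath, $keyPath];
}

// POST with a client certificate while still verifying the server.
function post_with_client_cert(string $url, array $fields, string $cert,
                               string $key, string $pass, string $caFile): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSLCERT        => $cert,   // client certificate (PEM)
        CURLOPT_SSLKEY         => $key,    // matching private key (PEM)
        CURLOPT_SSLKEYPASSWD   => $pass,   // passphrase protecting the key
        CURLOPT_SSL_VERIFYPEER => true,    // validate the server chain ...
        CURLOPT_CAINFO         => $caFile, // ... against this CA bundle
        CURLOPT_SSL_VERIFYHOST => 2,       // and match the host name
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return $body;
}

// Usage with placeholder values:
// [$cert, $key] = pkcs12_to_pem('/path/to/client.pfx', 'PLACEHOLDER', '/path/to/keys');
// echo htmlentities(post_with_client_cert('https://example.invalid/pay',
//     ['amount' => '1'], $cert, $key, 'PLACEHOLDER', '/path/to/ca.pem'));
```

When the request fails, `curl_error()` reports a TLS-layer problem such as a key that does not match the certificate or a wrong passphrase, so a client-side handshake failure shows up as an exception here; a certificate the server simply ignores or rejects at the application layer has to be diagnosed from the response body.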