I'm trying to write a PHP script using cURL that can authorize a user through a page that uses an SSL certificate, in addition to username and password, and I can't seem to get past the SSL cert stage.
In this case, curl_setopt($handle, CURLOPT_VERIFYPEER, 0) unfortunately isn't an option. The certificate is a required part of authentication, otherwise I get the error mentioned in this other similar SO post.
I've tried a few command-line runs with cURL:
> curl --url https://website
This returns the (60) SLL certificate problem error. If I adjust the command to include the --cacert option:
> curl --url https://website --cacert /path/to/servercert.cer
It works just fine; the auth website is returned.
However, I've tried the following PHP code:
$handle = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => false,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => false,
CURLOPT_SSL_VERIFYHOST => '0',
CURLOPT_SSL_VERIFYPEER => '1',
CURLOPT_CAINFO => '/path/to/servercert.cer',
CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
CURLOPT_VERBOSE => true,
CURLOPT_URL => 'https://website'
);
curl_setopt_array($handle, $options);
curl_exec($handle);
if (curl_errno($handle)) {
echo 'Error: ' . curl_error($handle);
}
curl_close($handle);
I would have thought the code was essentially analogous to the shell commands, but instead I'm greeted with the following error message:
Error: error setting certificate verify locations: CAfile: /path/to/servercert.cer CApath: none
I've read all the literature I can find (particularly on php.net and curl.haxx) and can't seem to find anything that fixes this problem. Any suggestions?
EDIT: I have tried chmod 777 servercert.cer with no success. However, in executing the PHP script with the above code from the command line instead of the browser via php test.php, it works perfectly. Any explanation for why it doesn't work in the browser?