I'm trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected. So far I'm unsuccessful with this code below:
<?php
$wsdl = 'https://domain.com/?wsdl';
$certFile = getcwd() . '/auth/cert.pem';
$keyFile = getcwd() . '/auth/key.pem';
$password = 'pwd';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $password);
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);
#curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$output = curl_exec($ch);
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
The result I keep getting is error 58: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM.
Things I've tried so far:
openssl_private_key() gives me a resource, and not a boolean. So this seems good.SLL_VERIFY_PEER, SSL_VERIFY_HOST, SSL_CERTTYPE and other options which seemed trivial regarding the official PHP-docs. No luck so far.I'm pretty sure the problem lies somehwere in my configuration, but I'm not sure where to look.
I've fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:
I used the openssl CLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.
First I converted it with this command and I had the issue as described in the question:
openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts
While the command below did the actual trick:
openssl pkcs12 -in key.p12 -out key.pem -clcerts
For more info, see the source I used