Based on the PEM certificate and a key file, I'm creating two P12 (Pfx) files, with and without passphrase
demo_cert.pem
demo_key.pem
demo_pfx_withoutPassphrase.p12
demo_pfx_withPassphrase.p12
openssl pkcs12 -export -clcerts -in demo_cert.pem -inkey demo_key.pem -out demo_pfx_withoutPassphrase.p12
Enter Export Password: (empty)
Verifying - Enter Export Password: (empty)
openssl pkcs12 -export -clcerts -in demo_cert.pem -inkey demo_key.pem -out demo_pfx_withPassphrase.p12
Enter Export Password: 12345
Verifying - Enter Export Password: 12345
This file is used to communicate with the server.
<?php
// $url is assumed to be set earlier to the server endpoint.
try {
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // Server hostname and certificate-chain verification are switched off here.
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_HEADER, 0);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json,application/octet-stream"));
    // Client certificate: PKCS#12 bundle protected by a passphrase.
    curl_setopt($curl, CURLOPT_SSLCERTTYPE, "P12");
    // getcwd() returns no trailing slash, so the separator is added explicitly.
    curl_setopt($curl, CURLOPT_SSLCERT, getcwd() . '/demo_pfx_withPassphrase.p12');
    curl_setopt($curl, CURLOPT_SSLCERTPASSWD, '12345');
    //curl_setopt($curl, CURLOPT_SSLKEYPASSWD, '12345');
    $resp = curl_exec($curl);
    if (curl_errno($curl)) {
        $error_msg = curl_error($curl);
        echo 'Curl error: ' . $error_msg;
        echo "<br>";
    } else {
        // curl_getinfo() returns an array, so dump it with print_r().
        print_r(curl_getinfo($curl));
        echo 'Curl info: ' . curl_getinfo($curl, CURLINFO_HTTP_CODE);
        echo "<br>";
    }
} catch (Exception $e) {
    echo $e;
}
?>
I'm able to successfully establish communication with the server using demo_pfx_withoutPassphrase.p12 (without passphrase).
However, the same is not possible with the file containing a passphrase, demo_pfx_withPassphrase.p12, despite providing the password in the SSLCERTPASSWD option.
The following error is what I get.
-------------------- Error response from the REMOTE SSL SERVER --------------------
58
int(58)
Curl error: could not open PKCS12 file 'demo_pfx_withPassphrase.p12'
How can I establish connection to server using a P12 file containing a passphrase?
Any advice and suggestions will be thoroughly appreciated.
Finally figured out the solution for the P12 (pfx) certificate not being able to establish communication with the server using demo_pfx_withPassphrase.p12 (with passphrase).
The certificate file didn't have the read permission.
Provide read permission to the certificate file:
chmod +r demo_pfx_withPassphrase.p12
This should do it.
Finally, with regard to providing the passphrase for the associated P12 file, either provide SSLKEYPASSWD or SSLCERTPASSWD. Either one of these will work fine.
// --- Authorized certificate with passphrase
// getcwd() returns no trailing slash, so the separator is added explicitly.
curl_setopt($curl, CURLOPT_SSLCERT, getcwd() . '/demo_pfx_withPassphrase.p12');
curl_setopt($curl, CURLOPT_SSLKEYPASSWD, '12345'); // either SSLKEYPASSWD
curl_setopt($curl, CURLOPT_SSLCERTPASSWD, '12345'); // or SSLCERTPASSWD
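cURL reports error 58 (CURLE_SSL_CERTPROBLEM) with the same "could not open PKCS12 file" text whether the path is wrong, the file is unreadable, or the passphrase does not decrypt it. The following is an added example, not code from the original post, that tells those cases apart before the file is handed to cURL. The helper name `checkP12` is hypothetical, and the P12 it inspects is a throwaway one generated inline with the passphrase used in the post.

```php
<?php
// Added example: pre-flight check for a passphrase-protected P12 file.
// checkP12() is a hypothetical helper, not part of cURL or PHP.
function checkP12(string $path, string $passphrase): string
{
    clearstatcache(true, $path);      // do not trust cached stat results
    if (!is_file($path)) {
        return 'missing';             // e.g. no "/" between getcwd() and the name
    }
    if (!is_readable($path)) {
        return 'unreadable';          // the cause identified in the answer
    }
    $certs = [];
    if (!openssl_pkcs12_read(file_get_contents($path), $certs, $passphrase)) {
        return 'bad-passphrase-or-format';
    }
    // Report the mode so read access can be limited to the PHP user.
    return sprintf('ok (mode %04o)', fileperms($path) & 0777);
}

// Constructed sample input: throwaway key and self-signed certificate,
// exported to a temporary P12 protected with the passphrase "12345".
$key  = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'demo'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
$p12  = tempnam(sys_get_temp_dir(), 'p12');
openssl_pkcs12_export_to_file($cert, $p12, $key, '12345');

// Case 1: path that does not exist.
echo checkP12($p12 . '.nope', '12345'), PHP_EOL;
// Case 2: file is readable but the passphrase is wrong.
echo checkP12($p12, 'wrong'), PHP_EOL;
// Case 3: owner-only read/write and the correct passphrase.
chmod($p12, 0600);
echo checkP12($p12, '12345'), PHP_EOL;
// Case 4: no permission bits set (root bypasses this check).
chmod($p12, 0000);
echo checkP12($p12, '12345'), PHP_EOL;

chmod($p12, 0600);
unlink($p12);
```

Run the check as the same user the web server runs PHP under, since `is_readable()` is evaluated for the current process user.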