ssl - PHP CURL error: unable to use client certificate (no key found or wrong pass phrase?)
I am doing this:
$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '2');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1');
curl_setopt($ch, CURLOPT_CAINFO, getcwd().'/public.pem');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/private.key');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, '1234');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, '1234');
curl_setopt($ch, CURLOPT_URL, "http://api-xxxxxx.duosecurity.com/auth/v2/preauth");
$dataa = curl_exec($ch);
I am getting this error: unable to use client certificate (no key found or wrong pass phrase?)
What am I missing? If the code is ok then could you please guide me on how to generate a pair of certificates for this purpose using either openssl or ssh-keygen?
Answer
Solution:
This is how you connect to yahoo over HTTPS
$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '2');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1');
curl_setopt($ch, CURLOPT_URL, "https://m.yahoo.com/");
$dataa = curl_exec($ch);
You do not use client certificates to talk to HTTPS hosts.
The reasons that browsers/clients don't use client certificates are too varied to list here.
It seems that client certificates are a method of authenticating - or logging in - to a web site - they are not part of encrypting the communication to the server.
https://en.wikipedia.org/wiki/Client_certificate
https://pilif.github.io/2008/05/why-is-nobody-using-ssl-client-certificates/
http://blogs.msdn.com/b/kaushal/archive/2012/02/18/client-certificates-v-s-server-certificates.aspx
Update
After learning that the original question concerns duosecurity's API, and not a regular yahoo http connection, I looked at duo's API documents and JS & PHP client libraries. I cannot find any reference to client side SSL certificates.
To circle back and tackle the original error of "no key found or wrong pass phrase" we should look at the CURLOPT_* settings.
In the original question, the cert and key are identified incorrectly with curlopt settings.
$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, '1');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '2');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1');
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/public.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, '1234');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd().'/private.key');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, '1234');
// Client certificates are only presented during a TLS handshake, so the URL must be https://
curl_setopt($ch, CURLOPT_URL, "https://api-xxxxxx.duosecurity.com/auth/v2/preauth");
$dataa = curl_exec($ch);
Use SSLCERT(PASSWORD) and SSLKEY(PASSWORD) to enable client side certificates. It is unlikely that your client side certificates need a CA - CURLOPT_CAINFO is only used to help identify the peer, not yourself.
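A pre-flight check for the mix-up described in the answer, as an added example that is not part of the original answer: it loads the certificate and key with PHP's OpenSSL extension and reports which curl option is at fault before any request is made. `diagnoseClientCert()` is a hypothetical helper and the self-signed certificate and keys are constructed in memory for illustration; it assumes the openssl extension is enabled.

```php
<?php
// Added example: classify why curl would reject a client cert/key pair.
// diagnoseClientCert() is a hypothetical helper, not part of PHP or curl.
function diagnoseClientCert(string $certPem, string $keyPem, string $pass): string
{
    // @ suppresses the warning PHP raises when the input is not a certificate
    $cert = @openssl_x509_read($certPem);
    if ($cert === false) {
        // e.g. a private key was passed where the certificate belongs
        return 'CURLOPT_SSLCERT is not an X.509 certificate';
    }
    $key = openssl_pkey_get_private($keyPem, $pass);
    if ($key === false) {
        return 'CURLOPT_SSLKEY is not a private key, or the pass phrase is wrong';
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        return 'certificate and private key do not belong together';
    }
    return 'ok';
}

// Constructed test material: a throwaway self-signed certificate and an
// encrypted key, generated in memory so the script runs offline.
$rsa  = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$pair = openssl_pkey_new($rsa);
$csr  = openssl_csr_new(['commonName' => 'client.example'], $pair, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $pair, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $certPem);
openssl_pkey_export($pair, $keyPem, '1234');    // key encrypted with pass phrase 1234

// A second, unrelated key to show the mismatch case.
$other = openssl_pkey_new($rsa);
openssl_pkey_export($other, $otherPem, '1234');

$cases = [
    'correct pairing'           => [$certPem, $keyPem, '1234'],
    'key file given as SSLCERT' => [$keyPem, $keyPem, '1234'],   // the question's setup
    'wrong pass phrase'         => [$certPem, $keyPem, 'nope'],
    'key from a different pair' => [$certPem, $otherPem, '1234'],
];
foreach ($cases as $label => [$c, $k, $p]) {
    printf("%-28s %s\n", $label . ':', diagnoseClientCert($c, $k, $p));
}
```

With real files, pass `file_get_contents()` of the paths given to `CURLOPT_SSLCERT` and `CURLOPT_SSLKEY`, and the value of `CURLOPT_SSLKEYPASSWD` as the pass phrase.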