在套接字连接中添加客户端证书

Question

I am stuck with this problem since last few days but could not get any solution.

I am using net php-epp client and here is my code...

$context = stream_context_create(
    array(
        'ssl'=>array(
            'local_cert'=> dirname(__FILE__).'/cert.pem',
            'passphrase' => dirname(__FILE__).'/key.pem',
        )
    )
);

$greeting = $client->connect($host, $port, $timeout, $ssl, $context);
echo $greeting;

I am getting following error...

Warning: stream_socket_client(): Unable to set private key file

And before you ask key.pem starts with -----BEGIN RSA PRIVATE KEY----- and cert.pem starts with -----BEGIN CERTIFICATE-----

However i can connect using...

openssl s_client -connect epp.dom.net:700 -key key.pem -cert cert.pem -CApath /etc/ssl/certs/

This command shows connected, so does that mean my certificates are fine?

Please someone help me to fix this. Please

Thank You.

Answer 1

According to the PHP documentation , the private key must be specified in the local_pk stream context option. The passphrase option (which you are currently using) is necessary when the private key file itself was encrypted with a passphrase:

local_pk string

Path to local private key file on filesystem in case of separate files for certificate (local_cert) and private key.

passphrase string

Passphrase with which your local_cert file was encoded.

This means your stream context should be initialized like this:

$context = stream_context_create(array(
    'ssl' => array(
        'local_cert' => dirname(__FILE__) . '/cert.pem',
        'local_pk' => dirname(__FILE__) . '/key.pem',
    )
));

---

Alternatively, you can also concatenate certificate and private key into one file and use the local_cert option only (plus a passphrase option if -- and only if -- your private key is encrypted with a passphrase).