
cURL 58 error Unable to load client key -8178

I am trying to build my first SSL connection, however I am unable to pinpoint what the reason is for error code 58 Unable to load.

I am using PHP curl to test the connection; here is the code I use:

$port = "443"; 

        $cert = getcwd() . "/controllers/ssl/certificate.pem";
        $testxml = "testset/npsLv01.xml";

        $headers = array(
            'Content-Type: text/xml; charset="utf-8"',
            'Content-Length: '.strlen($testxml),
            'Accept: text/xml',
            'Cache-Control: no-cache',
            'Pragma: no-cache',
            'SOAPAction: "Send"'
        ); 

        try {
        $ch = curl_init($testurl);

        if (FALSE === $ch)
            throw new Exception('failed to initialize');

        // curl options to set up the SSL connection
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_SSLCERT, $cert);
        curl_setopt($ch, CURLOPT_PORT, $port);


        // POST data handling
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_POSTFIELDS, $testxml);

        // headers for processing the POST
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        //timeout settings
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        //trying stuff out
        curl_setopt($ch, CURLOPT_NOBODY, true);
        curl_setopt($ch, CURLOPT_CERTINFO, true);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // execute the request
        $data = curl_exec($ch);

        if (FALSE === $data)
            throw new Exception(curl_error($ch), curl_errno($ch));

        } catch(Exception $e) {

            echo 'error code = ';
            echo $e->getCode();
            echo " error message = ";
            echo $e->getMessage();
            die;

        }
        var_dump($data); die;

When I exec this code I get the following error: error code = 58 error message = Unable to load client key -8178

By setting CURLOPT_SSLCERT to /controllers/ssl/certificate.pem you set this file up as the certificate the client should use to authenticate itself against the server. In this case the certificate needs to be accompanied by the private key matching the public key in the server. But it doesn't, and that's why you get the error "Unable to load client key".

After the question was edited with the contents of the certificate file it looks like there is a misunderstanding of the purpose of the file. The file consists of two certificates, where the second one is the leaf certificate for a server with a common name of *.ijsselgemeenten.nl while the first one is the certificate for the sub-CA which issued this certificate, RapidSSL SHA256 CA - G3. My guess is that these should not be used as client certificates but that this is the server certificate which should get expected by the client.

In this case:

  • CURLOPT_SSL_VERIFYPEER should not be set to false because the server should be validated
  • CURLOPT_SSLCERT should not be set since no authentication with a client certificate should be done
  • If both server and local CA store are set up properly it should work now. If not (i.e. missing sub-CA at the server) one might try to set CURLOPT_CAINFO to the given file.

Today I solved the same problem and I want to share a solution; it may be useful to someone.

I was sent the certfile.p12 to make SSL requests. I extracted the file with the openssl utility to public.pem and privatekey.pem. On my local machines, Mac OS and Windows, the code worked great.

// Works great on Mac OS and Windows
$data = [
    'field1' => 'demo1',
    'field2' => 'demo2',
    'field3' => 'demo3'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/public.pem');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd() . '/cert/privatekey.pem');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

$response = curl_exec($ch);
curl_close($ch);

But on CentOS 7 I began to get an error "cURL 58 error Unable to load client key -8178". It turned out that Mac OS and CentOS work differently with the curl SSL verification.

My solution:

In this case I extracted the certfile.p12 with openssl to only one file, with this command:

openssl pkcs12 -in certfile.p12 -out keys.pem -nodes

And changed the PHP code a little bit to this:

// Works great on Mac OS, Windows and CentOS 7 by my testing
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/keys.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

And it worked :)
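Both answers above come down to which PEM blocks sit in the file handed to CURLOPT_SSLCERT. The following is an added example, not code from either answer: it classifies a PEM file by its block labels and builds the matching curl options with server verification left on. The function names and the sample file names under the temp directory are hypothetical, and the sample PEM bodies are constructed placeholders.

```php
<?php
/** Classify PEM text by the block labels it contains. */
function classify_pem(string $pem): string
{
    preg_match_all('/^-----BEGIN ([A-Z0-9 ]+)-----\s*$/m', $pem, $m);
    $certs = count(array_filter($m[1], fn($l) => $l === 'CERTIFICATE'));
    $keys  = count(array_filter($m[1], fn($l) => preg_match('/PRIVATE KEY$/', $l) === 1));
    if ($certs && $keys) return 'cert+key';   // e.g. output of "openssl pkcs12 ... -nodes"
    if ($certs)          return 'cert-only';  // e.g. the question's two-certificate file
    if ($keys)           return 'key-only';
    return 'empty';
}

/** Build curl TLS options for $certPath; peer and host verification stay enabled. */
function curl_tls_options(string $certPath, ?string $keyPath = null): array
{
    $opts = [CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2];
    $kind = classify_pem((string) file_get_contents($certPath));
    if ($kind === 'cert+key') {
        $opts[CURLOPT_SSLCERT] = $certPath;   // key is read from the same file
    } elseif ($kind === 'cert-only' && $keyPath !== null) {
        if (classify_pem((string) file_get_contents($keyPath)) !== 'key-only') {
            throw new RuntimeException("{$keyPath} holds no private key");
        }
        $opts[CURLOPT_SSLCERT] = $certPath;
        $opts[CURLOPT_SSLKEY]  = $keyPath;
    } elseif ($kind === 'cert-only') {
        // Assumption: with no key anywhere, the file can only help verify the server.
        $opts[CURLOPT_CAINFO] = $certPath;
    } else {
        throw new RuntimeException("{$certPath} is '{$kind}', not usable as a certificate file");
    }
    return $opts;
}

// Constructed sample files: the labels are real PEM labels, the bodies are placeholders.
$block = fn(string $label) => "-----BEGIN {$label}-----\nPLACEHOLDER\n-----END {$label}-----\n";
$dir = sys_get_temp_dir();
file_put_contents("{$dir}/chain.pem", $block('CERTIFICATE') . $block('CERTIFICATE'));
file_put_contents("{$dir}/keys.pem",  $block('PRIVATE KEY') . $block('CERTIFICATE'));

foreach (['chain.pem', 'keys.pem'] as $name) {
    $set = array_keys(curl_tls_options("{$dir}/{$name}"));
    printf("%s: SSLCERT=%s CAINFO=%s\n", $name,
        in_array(CURLOPT_SSLCERT, $set, true) ? 'yes' : 'no',
        in_array(CURLOPT_CAINFO, $set, true) ? 'yes' : 'no');
}
```

A keys.pem written with -nodes holds the private key unencrypted, so keep it outside the web root and readable only by the account PHP runs as.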
