Scraping with client certificate request with php and curl

Question

I'm trying to download a file that needs to be authenticated through a client digital certificate, I already have the certificate but I do not know how to configure it in curl.

$useragent = '...';
$post = array( ... );
$certPass = '123456';
$certPath = _DIR_PATH.'cert/';
$certPfx = $certPath.'certificate.pfx';
$cert = $certPath.'certificate.pem';

$url = 'https://www.url.com/path/to/access';

$ch = curl_init( $url );
$options = array(
          CURLOPT_FAILONERROR => true,
                        CURLOPT_RETURNTRANSFER => true,
                        CURLOPT_AUTOREFERER => true,
                        CURLOPT_HEADER => true,
                        CURLOPT_NOBODY => true,
                        CURLOPT_CAINFO => $cert,
                        CURLOPT_CAPATH => $certPath,
                        CURLOPT_SSH_PRIVATE_KEYFILE => $certPfx,
                        CURLOPT_SSLCERT => $cert,
                        CURLOPT_SSLCERTPASSWD => $certPass,
                        CURLOPT_SSL_VERIFYHOST => 2,
                        CURLOPT_SSL_VERIFYPEER => true,
                        CURLOPT_POST => true,
                        CURLOPT_POSTFIELDS => $post,
                        CURLOPT_USERAGENT => $useragent,
                        CURLOPT_COOKIE => 'ASP.NET_SessionId='.$cookie
                    );
curl_setopt_array( $ch, $options );
$resp = curl_exec($ch);

$ch_errno = curl_errno($ch);
$ch_erro = curl_error($ch);

curl_close($ch);

I am always getting the message: SSL certificate problem: unable to get local issuer certificate.

Can someone help me?

Answer 1

PHP cURL: Fixing the “SSL certificate problem: unable to get local issuer certificate” error.

If you are using PHP's cURL functions to connect to a HTTPS URL, you might come across the following error:

SSL certificate problem: unable to get local issuer certificate. (cURL error code 60)

This is a common error that occurs whenever you attempt to use PHP's cURL functions to connect to a HTTPS website. Essentially, your cURL client has not been configured to connect to SSL-enabled websites.

The Quick Fix.

CURLOPT_SSL_VERIFYHOST: This option tells cURL that it must verify the host name in the server cert.
CURLOPT_SSL_VERIFYPEER: This option tells cURL to verify the authenticity of the SSL cert on the server.

For example.

$url = 'https://google.com';

//Initiate cURL.
$ch = curl_init($url);

//Disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER by
//setting them to false.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

//Execute the request.
curl_exec($ch);

//Check for errors.
if(curl_errno($ch)){
    throw new Exception(curl_error($ch));
}

Answer 2

You need to configure your php.ini porperly with current (valid) certificates.

curl.cainfo    = "/etc/php7.2/cacert.pem"
openssl.cafile = "/etc/php7.2/cacert.pem"

Look at https://curl.haxx.se/docs/caextract.html to download the current one. After that restart your webserver.

Do not something like

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

which will work, but disables any verification and security.