Shopify PHP with SSL certificate: where do I set USE_SSL_PEM?

Question

First steps with Shopify here...

I'm running PHP 5.4 and apache 2.2 on a windows 7 machine with cURL 7.24. I am trying to follow along with this Sample App (https://github.com/cmcdonaldca/ohShopify-Sample-App) which uses the ohShopify PHP adapter but...

I'm getting the "SSL certificate problem, verify that the CA cert is OK" error after I allow the app access to the shop (which is on https://xxxxxx.myshopify.com ). This problem is mentioned in the PHP API FAQ - Q2 ( http://wiki.shopify.com/PHP_API_FAQ ) with a possible solution. But I don't understand where to "set USE_SSL_PEM to true in your configuration". What configuration does this mean? PHP.ini ? CURLOPT_ ? Just define it in the php code? I've tried it in the php code in the config_lib.php file that is part of the Sample App like so:

define('USE_SSL_PEM',true);

but that doesn't work.. and a search through the Sample App files reveals that nothing uses it... so I've got to be in the wrong place.

The second part in the FAQ is to define 'CA_FILE' in the .php code. I'm okay with that, I think, as I have exported the myshopify.com certificate and it seems valid. I converted it from .cer to .pem using:

openssl x509 -inform DES -in ie_shopify.cer -out shopify.pem -text

And then in the config_lib.php file:

define('CA_FILE', getcwd() . '\\shopify.pem');

I have confirmed that CA_FILE does point correctly to the file with an absolute path.

I've also tried what is suggested here (http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/) by setting CURLOPT_CAINFO in the ohShopify curlSetopts() function that is being called but with the same result.

And (as mentioned) I found out how to convert .cer to .pem from here (http://curl.haxx.se/docs/sslcerts.html)

Thanks,

Neil

UPDATE: solved! Instead of trusting the .pem file that I had first extracted using Internet Explorer as a .cer file and then coverted to a .pem file using openssl, I went to:

curl.haxx.se/docs/caextract.html 

...and grabbed the Mozilla CA certificate bundle - this is already in .pem format. I placed the cacert.pem file in the same directory as my other one and updated the CURLOPT_CAINFO line in the curlSetopts() function (I added this line previously in shopify.php). As before, I pointed directly at the file:

curl_setopt($ch, CURLOPT_CAINFO, 'D:/apache/htdocs/cacert.pem');

And it works. Moving on.

UPDATE 2: just to clarify, since I originally looked for the solution in the PHP API FAQ for Shopify (mentioned above) ... I did not need to set the USE_SSL_PEM value (wherever it belongs) or to add the define CA_FILE code. The advice about CURLOPT_CAINFO from the unitstep.net blog was correct.

Answer 1

I found a solution to my problem: unsurprisingly, the .pem file was incorrect - just as the error message indicated. I replaced it completely it with the Mozilla CA certificate bundle from

http://curl.haxx.se/docs/caextract.html 

Then in the shopify.php file I added the following line to the curlSetopts() function using an absolute path to point directly to the downloaded .pem file:

curl_setopt($ch, CURLOPT_CAINFO, 'D:/apache/htdocs/cacert.pem');