Use clientside ssl certificate with curl and php

By | June 13, 2012

Client-side certificates are often used with SOAP web services. For example, the link to the WSDL file might require a client-side certificate. When it is missing, the server throws an error like this:

HTTP Error 403.7 - Forbidden: SSL client certificate is required.

Curl Command

To use a client-side certificate with curl, test the following command:

curl --cert certificate_file.pem https://www.example.com/some_protected_page
or
curl --cert certificate_file.pem:password https://www.example.com/some_protected_page

The above command should fetch the protected page that requires the client-side certificate.

PHP Code

Once the above command works, the equivalent code in PHP would be:

<?php

$url = "https://www.example.com/some_protected_page";
$cert_file = 'certificate_file.pem';	// PEM file with the client certificate and its private key
$cert_password = 'password';		// pass phrase protecting the private key

$ch = curl_init();

$options = array(
	CURLOPT_RETURNTRANSFER => true,
	//CURLOPT_HEADER         => true,
	CURLOPT_FOLLOWLOCATION => true,
	// Keep verification of the server certificate and host name enabled
	CURLOPT_SSL_VERIFYHOST => 2,
	CURLOPT_SSL_VERIFYPEER => true,

	CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
	//CURLOPT_VERBOSE        => true,
	CURLOPT_URL => $url,
	CURLOPT_SSLCERT => $cert_file,
	CURLOPT_SSLCERTPASSWD => $cert_password,
);

curl_setopt_array($ch, $options);

$output = curl_exec($ch);

// curl_exec() returns false on failure; an empty response body is not an error
if ($output === false)
{
	echo "Curl Error : " . curl_error($ch);
}
else
{
	// Escape the response before echoing it into an HTML page
	echo htmlentities($output);
}

The above code would use the certificate file and the password to fetch the URL.

Certificate Formats

SSL certificates come in a variety of formats such as cer, pfx and pem. When using curl, it's a good idea to convert pfx certificate files to pem format.

The openssl command can be used to do this.

$ openssl pkcs12 -in cert_file.pfx -out cert_file.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
$
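
As an added example (not part of the original post), the shell functions below check the PEM file produced by the conversion above before it is passed to curl --cert: that it holds a certificate and a private key, whether the key is encrypted, and whether group or others can read the file. The function names and the sample files are constructed for illustration; only the PEM block markers are inspected, so openssl is not needed to run it.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of a PEM bundle
# before it is handed to `curl --cert` / CURLOPT_SSLCERT.

# Number of certificates in the file.
pem_cert_count() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Private key state: none | encrypted | plaintext.
pem_key_state() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { s = "encrypted" }
        /^-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----/ { s = "plaintext"; k = 1 }
        k && /^Proc-Type: 4,ENCRYPTED/ { s = "encrypted" }   # legacy encrypted key
        /^-----END / { k = 0 }
        END { print (s == "" ? "none" : s) }
    ' "$1"
}

# True when group or others can read the file.
pem_is_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Prints a one-line summary; fails if the bundle is unusable or leaks a key.
check_client_pem() {
    certs=$(pem_cert_count "$1"); key=$(pem_key_state "$1"); exposed=no
    if pem_is_exposed "$1"; then exposed=yes; fi
    echo "certs=$certs key=$key exposed=$exposed"
    [ "$certs" -ge 1 ] && [ "$key" != none ] &&
        { [ "$key" = encrypted ] || [ "$exposed" = no ]; }
}

# Constructed sample: real block markers, the base64 body is a dummy value.
make_sample_pem() {   # $1 = path, $2 = key label, e.g. "ENCRYPTED PRIVATE KEY"
    printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' "-----BEGIN $2-----" 'Q09OU1RSVUNURUQ=' \
        "-----END $2-----" > "$1"
}

tmp=$(mktemp -d)
make_sample_pem "$tmp/enc.pem" 'ENCRYPTED PRIVATE KEY'
make_sample_pem "$tmp/plain.pem" 'PRIVATE KEY'
chmod 644 "$tmp/enc.pem" "$tmp/plain.pem"
check_client_pem "$tmp/enc.pem"                      # encrypted key: accepted
check_client_pem "$tmp/plain.pem" || echo "rejected: plaintext key readable by others"
chmod 600 "$tmp/plain.pem" && check_client_pem "$tmp/plain.pem"
rm -rf "$tmp"
```

A bundle that reports key=none needs the private key supplied separately, with curl's --key option or CURLOPT_SSLKEY in PHP.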
About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript.