Clientside certificates are often used in soap webservices. For example the wsdl file link might require a clientside certificate. The server throws an error like this :
HTTP Error 403.7 - Forbidden: SSL client certificate is required.
Curl Command
To use clientside certificate with curl , test the following command
curl --cert certificate_file.pem https://www.example.com/some_protected_page
or
curl --cert certificate_file.pem:password https://www.example.com/some_protected_page
or
curl --cert certificate_file.pem:password https://www.example.com/some_protected_page
The above command should fetch the protected page which required the clientside certificate.
Php Code
Once the above command works, the equivalent code in php would be :
<?php
$url = "https://www.example.com/some_protected_page";
$cert_file = 'certificate_file.pem';
$cert_password = 'password';
$ch = curl_init();
$options = array(
CURLOPT_RETURNTRANSFER => true,
//CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
//CURLOPT_VERBOSE => true,
CURLOPT_URL => $url ,
CURLOPT_SSLCERT => $cert_file ,
CURLOPT_SSLCERTPASSWD => $cert_password ,
);
curl_setopt_array($ch , $options);
$output = curl_exec($ch);
if(!$output)
{
echo "Curl Error : " . curl_error($ch);
}
else
{
echo htmlentities($output);
}
The above code would use the certificate file and the password to fetch the url.
Certificate Formats
SSL certificates come in a variety of formats like cer , pfx , pem etc. When using curl its a good idea to convert pfx certificate files to pem format.
The openssl command can be used to do this.
$ openssl pkcs12 -in cert_file.pfx -out cert_file.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
$
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
$
