cURL SSL Certificate error "Bad Certificate"
Solution 1
sslv3 alert bad certificate
means that CA information is missing. Use --cacert
parameter and add CA cert.
unable to set private key file
means that certificate passed as --cert
is not the public key matched to private key
Solution 2
most likely the CA bundle is wrongful. verify the path & access permissions, maybe try setting an absolute path. if this not helps, get a CA bundle and set it alike curl_setopt($soap_do, CURLOPT_CAINFO,'cacert.pem');
Gavin
Updated on June 15, 2022Comments
-
Gavin almost 2 years
I'm trying to send an SSL certificate with a soap message to a server and have only just managed to make cURL accept the certificate (.pem file spit out by putting a .pfx file through OpenSSL) and not return "unable to set private key file" (evidently the private key must keep its 'bag attributes'), however it's now returning exciting new errors:
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I've tried setting the CA certificate with:
curl_setopt($soap_do, CURLOPT_CAINFO, $caFile);
But this yields no results with the root nor the intermediate ca files I have.
Disabling this check with:
curl_setopt($soap_do, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($soap_do, CURLOPT_SSL_VERIFYPEER, 0);
brings me to the new problem:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
This has been a thorn in my side for weeks now and while new error messages mean changes I'm not sure it means progress. Any advice or suggestions as to what is missing/I am doing wrong would be greatly appreiciated.