cURL SSL Certificate error "Bad Certificate"


Solution 1

sslv3 alert bad certificate means that CA information is missing. Use the --cacert parameter and add the CA cert.

unable to set private key file means that the certificate passed as --cert is not the public key matched to the private key.

Solution 2

Most likely the CA bundle is wrong. Verify the path and access permissions; maybe try setting an absolute path. If this does not help, get a CA bundle and set it like this: curl_setopt($soap_do, CURLOPT_CAINFO, 'cacert.pem');
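Added example, not part of the original answers: a PHP pre-flight check for the two causes named in Solutions 1 and 2 (a client certificate that does not match its private key, and an unreadable or unparsable CA bundle), followed by cURL options that keep peer and host verification enabled. The helper names `tls_preflight` and `tls_curl_options`, the demo file names and the throwaway self-signed certificate are assumptions made for illustration.

```php
<?php
// Added example (not from the original thread). File names are hypothetical.
/** Returns a list of problems; an empty list means the files look usable. */
function tls_preflight(string $caFile, string $certFile, string $keyFile, ?string $keyPass = null): array
{
    $problems = [];
    foreach (['CA bundle' => $caFile, 'client cert' => $certFile, 'client key' => $keyFile] as $what => $path) {
        if (!is_readable($path)) { $problems[] = "$what not readable: $path"; }
    }
    if ($problems) { return $problems; }

    if (openssl_x509_read(file_get_contents($caFile)) === false) {
        $problems[] = 'CA bundle holds no parsable PEM certificate';
    }
    $cert = openssl_x509_read(file_get_contents($certFile));
    $key  = openssl_pkey_get_private(file_get_contents($keyFile), $keyPass);
    if ($cert === false) {
        $problems[] = 'client cert is not a parsable PEM certificate';
    } elseif ($key === false) {
        $problems[] = 'client key could not be loaded (format or passphrase)';
    } elseif (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'client cert and private key do not belong together';
    }
    return $problems;
}

/** cURL options for a client-certificate request with verification left on. */
function tls_curl_options(string $caFile, string $certFile, string $keyFile): array
{
    return [
        CURLOPT_CAINFO         => realpath($caFile),   // absolute path to the CA bundle
        CURLOPT_SSLCERT        => realpath($certFile),
        CURLOPT_SSLKEY         => realpath($keyFile),
        CURLOPT_SSL_VERIFYPEER => true,                // validate the server's chain
        CURLOPT_SSL_VERIFYHOST => 2,                   // and that the name matches
    ];
}

// Constructed demo input: a throwaway self-signed cert and an unrelated key.
$opt = ['digest_alg' => 'sha256', 'private_key_bits' => 2048];
[$k1, $k2] = [openssl_pkey_new($opt), openssl_pkey_new($opt)];
$crt = openssl_csr_sign(openssl_csr_new(['commonName' => 'client.example'], $k1, $opt), null, $k1, 1, $opt);
$d = sys_get_temp_dir();
openssl_x509_export_to_file($crt, "$d/demo-cert.pem");
openssl_pkey_export_to_file($k1, "$d/demo-key.pem", null, $opt);
openssl_pkey_export_to_file($k2, "$d/demo-other.pem", null, $opt);
var_dump(tls_preflight("$d/demo-cert.pem", "$d/demo-cert.pem", "$d/demo-key.pem"));   // matching pair
var_dump(tls_preflight("$d/demo-cert.pem", "$d/demo-cert.pem", "$d/demo-other.pem")); // unrelated key
```

Once `tls_preflight` returns an empty list, the options array can be applied to the handle with `curl_setopt_array($soap_do, tls_curl_options(...))`.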

Author by

Gavin

Updated on June 15, 2022

Comments

  • Gavin
    Gavin almost 2 years

    I'm trying to send an SSL certificate with a soap message to a server and have only just managed to make cURL accept the certificate (.pem file spit out by putting a .pfx file through OpenSSL) and not return "unable to set private key file" (evidently the private key must keep its 'bag attributes'), however it's now returning exciting new errors:

    SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    I've tried setting the CA certificate with:

    curl_setopt($soap_do, CURLOPT_CAINFO, $caFile);
    

    But this yields no results with the root nor the intermediate ca files I have.

    Disabling this check with:

    curl_setopt($soap_do, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($soap_do, CURLOPT_SSL_VERIFYPEER, 0);
    

    brings me to the new problem:

    error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

    This has been a thorn in my side for weeks now and while new error messages mean changes I'm not sure it means progress. Any advice or suggestions as to what is missing/I am doing wrong would be greatly appreciated.