cURL with SSL certificates fails: error 58 unable to set private key file

Solution 1

I've fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:

I used the openssl CLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.

First I converted it with this command and I had the issue as described in the question:

openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts

While the command below did the actual trick:

openssl pkcs12 -in key.p12 -out key.pem -clcerts

For more info please see the source I used: https://community.qualys.com/docs/DOC-3273

Solution 2

Just in case this is useful to others searching for this problem, I ended up discovering that CURLOPT_SSLCERT and CURLOPT_SSLKEY don't seem to work with relative paths.

This is with WAMP, php version 5.5 on Windows.
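
A preflight for the conditions this thread names (a key exported with -nodes while a password is configured, more than one PEM section in the key file, a relative key path), as an added example that is not part of the original answers. The function names are hypothetical and the sample PEM data is constructed; the script inspects PEM headers only and does not verify the passphrase.

```shell
#!/bin/sh
# Added example (not from the original thread): preflight for a cURL client key file.
# Function names are hypothetical; all sample PEM data below is constructed.

# Print "encrypted", "plaintext" or "none" for the private key in PEM file $1.
pem_key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # PKCS#8 or traditional encrypted key
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext      # no passphrase protects this key
    else
        echo none
    fi
}

# Count the PEM sections in file $1 (grep -c exits 1 on zero matches).
pem_sections() { grep -c -e '^-----BEGIN ' "$1" || true; }

# preflight KEYFILE yes|no  (second argument: is a key password configured?)
# Prints one finding per line; returns non-zero if anything was found.
preflight() {
    key=$1; have_pw=$2; found=0
    case $key in
        /*) ;;
        *) echo "relative-path"; found=1 ;;
    esac
    [ -r "$key" ] || { echo "unreadable"; return 1; }
    state=$(pem_key_state "$key")
    [ "$state" != none ] || { echo "no-private-key"; found=1; }
    [ "$(pem_sections "$key")" -le 1 ] || { echo "extra-pem-sections"; found=1; }
    if [ "$state" = plaintext ] && [ "$have_pw" = yes ]; then
        echo "password-set-but-key-unencrypted"; found=1
    elif [ "$state" = encrypted ] && [ "$have_pw" = no ]; then
        echo "key-encrypted-but-no-password"; found=1
    fi
    return "$found"
}

# Constructed PEM section with a dummy body, for the demo only.
sample_pem() { printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"; }

demo=$(mktemp -d)
sample_pem "PRIVATE KEY" > "$demo/nodes.pem"            # unencrypted key, as -nodes yields
sample_pem "ENCRYPTED PRIVATE KEY" > "$demo/enc.pem"    # encrypted key, no -nodes
for f in nodes.pem enc.pem; do
    echo "$f: $(preflight "$demo/$f" yes || true)"
done
rm -rf "$demo"
```

An empty finding list for a file means none of the checked conditions applied to it.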

Author: Ben Fransen

Updated on July 04, 2020

Comments

  • Ben Fransen almost 4 years

    I'm trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected. So far I'm unsuccessful with this code below:

    <?php
        $wsdl       = 'https://domain.com/?wsdl';
        $certFile   = getcwd() . '/auth/cert.pem';
        $keyFile    = getcwd() . '/auth/key.pem';
        $password   = 'pwd';
    
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL,           $wsdl);
        curl_setopt($ch, CURLOPT_SSLCERT,       $certFile);
        curl_setopt($ch, CURLOPT_SSLKEYPASSWD,  $password);
        curl_setopt($ch, CURLOPT_SSLKEY,        $keyFile);
        #curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
        #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        $output = curl_exec($ch);
    
        var_dump(curl_errno($ch));
        var_dump(curl_error($ch));
    

    The result I keep getting is error 58: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM.

    Things I've tried so far:

    I'm pretty sure the problem lies somewhere in my configuration, but I'm not sure where to look.

    • Bruno over 9 years
      "Switch the order of the content in the key.pem". Your key.pem file (which contains the private key) should only really contain 1 PEM-encoded section (for the private key). It's the order of the cert file you might need to change. The client-cert for this private key should be at the top.
  • Bruno over 9 years
    -nodes removes the encryption on the key, which may conflict with you trying to use a password in this case.
  • Ben Fransen over 9 years
    Thanks for the additional info. I wasn't aware of that.
  • S.Simkhada almost 5 years
    Did the trick for me! After days of being stuck on this! Thank You
  • Palec over 2 years
    Seems this page may explain the command line options: openssl.org/docs/manmaster/man1/openssl-pkcs12.html