cURL with SSL certificates fails: error 58 unable to set private key file
Solution 1
I've fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:
I used the openssl CLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.
First I converted it with this command and I had the issue as described in the question:
openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts
While the command below did the actual trick:
openssl pkcs12 -in key.p12 -out key.pem -clcerts
For more info please see the source I used: https://community.qualys.com/docs/DOC-3273
Solution 2
Just in case this is useful to others searching for this problem, I ended up discovering that CURLOPT_SSLCERT and CURLOPT_SSLKEY don't seem to work with relative paths.
This is with WAMP, php version 5.5 on Windows.
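A pre-flight check covering both answers above, as an added example that is not part of the original posts: it reports whether the key path is absolute (Solution 2), how many PEM sections the file holds, whether the key is encrypted, and whether it loads with the given passphrase (Solution 1). `inspectKeyFile()` and the temp file names are hypothetical, the sample key is constructed on the fly, and PHP 7+ with the openssl extension is assumed.

```php
<?php
// Added example; inspectKeyFile() is a hypothetical helper, not a PHP or cURL API.
function inspectKeyFile(string $path, string $passphrase = ''): array
{
    // Solution 2: absolute means a leading "/" or a Windows drive letter.
    $report = ['absolute' => (bool) preg_match('~^(/|[A-Za-z]:[\\\\/])~', $path)];
    $report['readable'] = is_file($path) && is_readable($path);
    if (!$report['readable']) {
        return $report;
    }
    $pem = file_get_contents($path);
    // A key-only file should hold exactly one PEM section.
    $report['sections'] = preg_match_all('~-----BEGIN ([A-Z0-9 ]+)-----~', $pem, $m);
    // PKCS#8 uses an ENCRYPTED label; traditional PEM keys carry a Proc-Type header.
    $report['encrypted'] = in_array('ENCRYPTED PRIVATE KEY', $m[1], true)
        || strpos($pem, 'Proc-Type: 4,ENCRYPTED') !== false;
    // Solution 1: check that the key can be loaded with this passphrase.
    $report['loads'] = openssl_pkey_get_private($pem, $passphrase) !== false;
    return $report;
}

// Constructed sample input: one throwaway RSA key exported with and without a
// passphrase, like "openssl pkcs12" without and with -nodes.
$pkey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pkey, $encryptedPem, 'pwd');
openssl_pkey_export($pkey, $plainPem);

$dir = sys_get_temp_dir();
$samples = ["$dir/key-encrypted.pem" => $encryptedPem, "$dir/key-plain.pem" => $plainPem];
foreach ($samples as $file => $pem) {
    file_put_contents($file, $pem);
    chmod($file, 0600);
    echo $file, ' ', json_encode(inspectKeyFile($file, 'pwd')), PHP_EOL;
    unlink($file);
}
// A relative path, as in Solution 2, is flagged before cURL ever sees it.
echo 'auth/key.pem ', json_encode(inspectKeyFile('auth/key.pem', 'pwd')), PHP_EOL;
```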
Comments
-
Ben Fransen almost 4 years
I'm trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected. So far I'm unsuccessful with this code below:
<?php
$wsdl = 'https://domain.com/?wsdl';
$certFile = getcwd() . '/auth/cert.pem';
$keyFile = getcwd() . '/auth/key.pem';
$password = 'pwd';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $password);
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);
#curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$output = curl_exec($ch);
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
The result I keep getting is error 58: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM.
Things I've tried so far:
- Check if the key-file is readable as suggested here: Unable to use libcurl to access a site requiring client authentication. Trying to pass the file through openssl_private_key() gives me a resource, and not a boolean. So this seems good.
- Switch the order of the content in the key.pem file as suggested here: Unable to use libcurl to access a site requiring client authentication. No luck so far.
- Played around with some other options like SSL_VERIFY_PEER, SSL_VERIFY_HOST, SSL_CERTTYPE and other options which seemed trivial regarding the official PHP-docs. No luck so far.
I'm pretty sure the problem lies somewhere in my configuration, but I'm not sure where to look.
-
Bruno over 9 years
"Switch the order of the content in the key.pem". Your key.pem file (which contains the private key) should only really contain 1 PEM-encoded section (for the private key). It's the order of the cert file you might need to change. The client-cert for this private key should be at the top.
-
Bruno over 9 years
-nodes removes the encryption on the key, which may conflict with you trying to use a password in this case.
-
Ben Fransen over 9 years
Thanks for the additional info. I wasn't aware of that.
-
S.Simkhada almost 5 years
Did the trick for me! After days of being stuck on this! Thank You
-
Palec over 2 years
Seems this page may explain the command line options: openssl.org/docs/manmaster/man1/openssl-pkcs12.html