cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

VeriSign certificate problem: "SSL certificate problem, verify that the CA cert is OK"

From: thomas Armstrong <tarmstrong_at_gmail.com>
Date: Wed, 23 Jan 2008 13:39:10 +0100

Hi.

Using cURL and PHP with Linux, I want to make a webservice request to
a remote server which requires an X509 cert.

I got a Trial SSL Certificate by Verisign and obtained three files:
- ssl.key (private key and generated by my server)
- verisign.crt (SSL certificate by Verisign)
- verisign-ca.crt (Intermediate and Root Trial CA by Verisign)
These two last files were obtained from:
http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html

I created this piece of code:
---------------------
<?php

$LOCAL_PATH = "/var/www/vhosts/mydomain.com/httpdocs";

$sslcertpath = $LOCAL_PATH . "/verisign.crt";
$sslkeypath = $LOCAL_PATH . "/ssl.key";
$sslCApath = $LOCAL_PATH . "/verisign-ca.crt";

$firstName = "John";
$lastName = "Smith";

$SOAPrequest = <<< End_Of_Quote
<?xml version="1.0" encoding="UTF-8"?>
<firstName>$firstName</firstName>
<lastName>$lastName</lastName>

End_Of_Quote;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.domain.com/webservice.asp");
curl_setopt($ch, CURLOPT_SSLCERT, $sslcertpath);
curl_setopt($ch, CURLOPT_SSLKEY, $sslkeypath);
curl_setopt($ch, CURLOPT_CAINFO, $sslCApath);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $SOAPrequest);

echo curl_exec($ch);
if (curl_error($ch))
printf("Error %s: %s", curl_errno($ch), curl_error($ch));
curl_close ($ch);
?>
-----------------------------------------------------

And I got this error message:
------------
[]# php webservice.php
Error 60: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
-------------

Must I send VeriSign Intermediate and Root CA certificates to
webservice server so that they install it? Thank you very much.
_______________________________________________
http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-and-php
Received on 2008-01-23

This message: [ Message body ]
Next message: Kevin Eppinger: "Using CURLOPT_TIMEOUT_MS correctly?"
Previous message: Richard Lynch: "Re: cURL problem"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]