Search code examples
phpsslcurlssl-certificatephp-curl

SSL certificate issue unable to get local issuer certificate


I'm trying to post data to a payment gateway API. It required post data in xml format. I have the following code:

<?php
$requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();

$amount = 100; // $block->totalOrderAmount()*100; 

$approveUrl = $block->approveUrl();
$cancelUrl =  $block->cancelUrl();
$declineUrl = $block->declineUrl();


$merchant = 'mydomain.com'; 
//$amount = '100'; // in cents. 1$ = 100cents. 
$currency = '840'; // for dollar
$description = 'Happy customers is what we make.';
$merchantId = 'Nobel106513';
?>

<?php
echo $requestUrl;
$xml_data = '<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language>EN</Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>'.$merchantId.'</Merchant>
<Amount>'.$amount.'</Amount>
<Currency>'.$currency.'</Currency>
<Description>'.$description.'</Description>
<ApproveURL>'.$approveUrl.'</ApproveURL>
<CancelURL>'.$cancelUrl.'</CancelURL>
<DeclineURL>'.$declineUrl.'</DeclineURL>
</Order>
</Request>
</TKKPG>';

$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CERTINFO, 1);

        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        //array_push($headers, 'SoapAction: *');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        var_dump($content);
        var_dump(curl_getinfo($ch));
        var_dump(curl_errno($ch));
        var_dump(curl_error($ch));
        curl_close($ch);
  1. Output of var_dump($content); is empty ''.
  2. Output of var_dump(curl_getinfo($ch));.

    array (size=26)
    'url' => string 'https://api.given.bypg'
    'content_type' => null
    'http_code' => int 0
    'header_size' => int 0
    'request_size' => int 0
    'filetime' => int -1
    'ssl_verify_result' => int 1
    'redirect_count' => int 0
    'total_time' => float 0.488533
    'namelookup_time' => float 0.028558
    'connect_time' => float 0.256858
    'pretransfer_time' => float 0
    'size_upload' => float 0
    'size_download' => float 0
    'speed_download' => float 0
    'speed_upload' => float 0
    'download_content_length' => float -1
    'upload_content_length' => float -1
    'starttransfer_time' => float 0
    'redirect_time' => float 0
    'redirect_url' => string '' (length=0)
    'primary_ip' => string '91.227.244.57' (length=13)
    'certinfo' =>
    array (size=0)
    empty
    'primary_port' => int 8444
    'local_ip' => string '192.168.100.64' (length=14)
    'local_port' => int 53456

  3. Ouput of var_dump(curl_errno($ch)); : int 60

  4. Output of var_dump(curl_error($ch)); :

    string 'SSL certificate problem: unable to get local issuer certificate' (length=63) It seems like the API is returning no data as seen on curl_getinfo(). Please help me, I have seen almost every solution suggested in communities.

I have edited my php.ini file to give the path to the certificate downloaded from curl website. But this did not work as well.


Solution

  • I got support from my API providers who pointed something missing in my approach. For their gateway I needed to load the private key, public key and password that protects these keys in curl request. The solution is as follows:

    /*ssl crts*/
    $twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
    $twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
    $twpg_key_password = '';
    /*ssl crts*/
    $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $requestUrl);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
            curl_setopt($ch, CURLOPT_SSLCERT,  $twpg_cert_file);
            curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
            curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
            curl_setopt($ch, CURLOPT_CERTINFO, 1);
            $headers = [];
            array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
            $content = trim(curl_exec($ch));
            curl_close($ch);
    

    Now every thing works as expected.