Geek Answers Handbook

Enabling SSL for CURL in XAMPP

I am using an encoded PHP script that requires SSL support for CURL.

I am currently using XAMPP for local development and should know how to update CURL by default so that SSL is enabled on top of it.

The reason why I am looking for update / support is because I get the following error, which when google starts, etc. I understand that SSL is not supported for CURL on my machine.

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Anyone have recommendations for me please? My current local server configuration:

XAMPP 1.7.3 cURL support is included
information cURL 7.19.6
Apache version Apache / 2.2.14 (Win32) DAV / 2 mod_ssl / 2.2.14 OpenSSL / 0.9.8l mod_autoindex_color PHP / 5.3.1 mod_apreq2-20090110 / 2.7.1 mod_perl / 2.0.4 Perl / v5.10.1
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2
SERVER_SIGNATURE Apache / 2.2.14 (Win32) DAV / 2 mod_ssl / 2.2.14 OpenSSL / 0.9.8l mod_autoindex_color PHP / 5.3.1 mod_apreq2-20090110 / 2.7.1 mod_perl / 2.0.4 Perl / v5.10.1 Server on localhost Port 80
SERVER_SOFTWARE Apache / 2.2.14 (Win32) DAV / 2 mod_ssl / 2.2.14 OpenSSL / 0.9.8l mod_autoindex_color PHP / 5.3.1 mod_apreq2-20090110 / 2.7.1 mod_perl / 2.0.4 Perl / v5.10.1

+8
curl ssl xampp
source share
3 answers

Not supported on your computer? The error you posted means that CURL was unable to verify the SSL certificate for the remote server and does not necessarily indicate the specific inadequacy of your computer. In my previous experience with CURL, it does not accept / distrust certificates by default. Depending on your setup and what you plan to do with it, you can trust one, self-signed certificate [[Unable to verify self-signed certificates!]] (For example, from another machine that you are running) , or you can trust a true certificate authority (which will allow you to verify any certificates signed by this CA). This lesson is simple enough if you are familiar with how to change the CURL settings: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected- sites /

You can choose the root CAs if you take this path, but if you just provide transfer between your two machines, you only need to install CURL to trust another machine certificate.

On the other hand, if you really have deeper problems with SSL, this can be due to any number of things, for example, without SSL support. If you create, configure, and compile your own CURL assembly, you can take a look at http://curl.haxx.se/docs/faq.html for SSL topics, including

http://curl.haxx.se/docs/sslcerts.html and http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when

Please note the last link (FAQ) that self-signed certificates CANNOT be verified. If you connect to another native server, its certificate must be signed by a CA and a CA certificate that CURL trusts for a successful connection. There are free certificate authorities there, if you only need to get a signature or you can set up your own certification authority (in my experience, it is only ten times easier to get it signed by someone already set up for this). If another server hosts a secure site that deals with the "real world" (money, products, personal information, etc.), its certificate must be or you must get it signed by a trusted CA in any case (VISA, Equifax, Comodo, you can find a list of trusted root certificate authorities in each browser).

I explained that I can, in response to this error, but if this does not help, you may need a little more information about your setup and system. :)

+10
source share

The very simple fix that worked for me was to call:

 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

before calling:

  curl_exec():

in php file.

I believe this disables SSL certificate validation.

+8
source share

you must sign your public key using a certification authority (this could be a script for you), or you can send your request for a certification mark and sign it using your own created certification authority or some free certification authority ......

for CA.pl script / usr / lib / ssl / misc / CA.pl

this command will create a certificate authority that will be re-signed for your server key, the public key of this CA should also be included in the CA_file file

 $ CA.pl -newca

creates a private key for the server and a certification request

 $ CA.pl -newreq

creates a server certificate from the private key and request (including the CA private key)

 $ CA.pl -sign
0
source share

Source: https://habr.com/ru/post/649975/

More articles:


All Articles