Enabling SSL Support for CURL in XAMPP
I am using an encoded PHP script, which requires SSL support for CURL.
I am currently using XAMPP for local development and need to know how to update the default CURL such that SSL is enabled over it.
The reason I am looking for an upgrade/support is that I am getting the following error, which when googled up and etc. I understand that SSL is not supported for CURL on my machine.
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Anyone have any recommendations for me, please? My Current local server config:
XAMPP 1.7.3 cURL support enabled
cURL Information 7.19.6 Apache Version Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_asis mod_auth_basic mod_auth_digest mod_authn_default mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_cgi mod_dav mod_dav_fs mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_ssl mod_status mod_vhost_alias mod_autoindex_color mod_php5 mod_perl mod_apreq2 SERVER_SIGNATURE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at localhos开发者_运维知识库t Port 80 SERVER_SOFTWARE Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Not supported on your machine? The error you've posted means that CURL wasn't able to verify the SSL certificate for the remote server, and doesn't necessarily point to a specific inadequacy of your machine.
In my previous experience with CURL, it defaults to not accepting/trusting any certificates. Depending on your setup and what you plan to do with it, you may want to trust a single, self-signed certificate [[Cannot verify self-signed certs!]] (e.g. from another machine you run) or you may want to trust a true Certificate Authority (which will enable verification of any certs signed by that CA). This tutorial is fairly straightforward, provided you're familiar with how to change CURL's settings:
http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
You can pick and choose root CAs if you take that path, but if you're just securing transfers between two of your own machines you only need to set CURL to trust the other machine's certificate.
On the other hand, if you indeed have some deeper problem with SSL, it may have resulted from any number of things, such as being built without SSL support. If you are making, configuring, and compiling your own build of CURL, you may want to take a look at http://curl.haxx.se/docs/faq.html on the topics concerning SSL, including
http://curl.haxx.se/docs/sslcerts.html and http://curl.haxx.se/docs/faq.html#What_certificates_do_I_need_when
Take note in the latter link (the FAQ) that self-signed certificates CANNOT be verified. If you're connecting to another of your own servers, its certificate will need to be signed by a CA and the CA's certificate trusted by CURL for the connection to succeed. There are free CAs out there if you only need to get a signature or you can set up your own CA (In my experience, it's just ten times easier to get it signed by someone already set up to do so). If the other server is hosting a secure site that deals with "the real world" (money, products, personal information, etc), its cert should be or you should get it signed by a trusted CA anyway (VISA, Equifax, Comodo, you can find a list of trusted root CAs in every browser).
I've covered what I can in response to that error, but if none of this helps, a little more information on your setup and system might help. :)
A really simple fix that worked for me was to call:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
before calling:
curl_exec():
in the php file.
I believe that this disables all verification of SSL certificates.
you should sign your public key with a certificate authority (there is some script which can do these things for you ) or you can send your a certification sign request and sign it using your own created CA or some free certificate authority ......
path for the CA.pl script /usr/lib/ssl/misc/CA.pl
this command will create a certificate authority which is reuired to sign your server key the public key of this CA must also be included in the CA_file
$ CA.pl -newca
creates a private key for the server and a certification request
$ CA.pl -newreq
creates the server certificate from the private key and the request (involving the CA private key)
$ CA.pl -sign
精彩评论