31

I'm trying to access a third-party service via PHP curl on a CentOS 6 system, which comes with curl and libcurl compiled against NSS instead of OpenSSL.

This is causing problems for me: every time I try to access the service I get the error "NSS: client certificate not found (nickname not specified)".

My understanding is that I need to install the certificates in the NSS database.

I'm looking for step-by-step instructions on how to do this (keep in mind, I need this to work with PHP curl functions called from an Nginx server).

Thanks

shx2
Jason

4 Answers

27

Try prefixing the certificate filename with "./", or using the full path. From the curl manpage:

If curl is built against the NSS SSL library then this option [--cert] can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.

(emphasis mine)

Alternatively, some instructions for importing into the NSS certificate database are here, although I have not used them: http://rcritten.fedorapeople.org/nss_compat_ossl.html

pimlottc
  • 4
    It didn't work for me... my curl isn't compiled with nsspem. So I'm using the NSS database... but curl never finds my key friendlyname. Even if I manage to list the key names with certutil... – eduardo.lopes Aug 21 '15 at 13:22
  • This did not work for me, but led me in the correct direction. My curl was compiled with NSS (checked with curl --version), and this post is the solution that ended up working for me: http://stackoverflow.com/questions/19265100/curl-command-unable-to-load-client-cert-8018/20140138#20140138 – KFox112 Oct 04 '16 at 14:19
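The manpage advice above applied to the PHP curl functions from the question, as an added example that is not part of the original answer or its comments. The function names, the URL and the file locations are hypothetical, and it assumes the NSS PEM module mentioned in the manpage excerpt is available so that PEM files can be loaded.

```php
<?php
// Added example: pass the client certificate as an absolute file path so an
// NSS-built libcurl does not interpret a bare file name as an NSS nickname.

/** True when the PHP curl extension reports an NSS TLS backend. */
function curlUsesNss(): bool
{
    $info = curl_version();
    return stripos($info['ssl_version'] ?? '', 'NSS') !== false;
}

/**
 * Resolve a PEM file to an absolute path. Under php-fpm the working
 * directory is often not the script directory, so build paths from __DIR__.
 */
function certFilePath(string $file): string
{
    $real = realpath($file);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException("Certificate file not readable: $file");
    }
    return $real;
}

function fetchWithClientCert(string $url, string $certPem, string $keyPem): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSLCERT        => certFilePath($certPem), // file, not nickname
        CURLOPT_SSLKEY         => certFilePath($keyPem),
        CURLOPT_SSL_VERIFYPEER => true,  // keep server verification on
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // Record the numeric code and the backend along with the message text.
        $msg = sprintf('curl error %d: %s (NSS backend: %s)',
            curl_errno($ch), curl_error($ch), curlUsesNss() ? 'yes' : 'no');
        curl_close($ch);
        throw new RuntimeException($msg);
    }
    curl_close($ch);
    return $body;
}

// Hypothetical usage; the URL and paths are placeholders:
// echo fetchWithClientCert('https://service.example/api',
//     __DIR__ . '/certs/client.pem', __DIR__ . '/certs/client.key');
```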
2

I had the same issue on CentOS 7. After debugging, it was related to the timeout.

So if you see this issue and use curl_setopt($curl, CURLOPT_TIMEOUT_MS, 300); then check how long it takes. If it is around your timeout period, that is the problem, and it is not related to any certificate.

I was expecting some timeout error from Curl in case of timeout but that doesn't seem to happen.

J. Chomel
0

I got the same error message with curl when I entered the wrong password when trying to access an FTPS server which used simple password authentication. It had nothing to do with certificates.

asmaier
0

I was able to get around this error (CentOS 7, PHP 7.1.33) by editing the openssl section of /etc/php.ini and adding direction to the openssl certificates: openssl.cafile=/etc/ssl/certs/ca-bundle.crt

Josaph
  • For a stronger answer, try including more detail and formatting your text in a more readable way, @Josaph. – DSDmark Dec 23 '22 at 12:26