I'm trying to get mutual ssl authentication working between two LAMP servers.
I actually have 3 servers. One being the master and the other two are clients making SOAP calls to it.
On the master and one client I have Comodo Postive SSL certificates installed. I can connect from that client to the master and have the SSL authentication succeed.
On the second client I installed a Lets Encrypt certificate. I got the root certificate from their website (and also verified it was correct using https://whatsmychaincert.com).
This server fails the soap call. I've checked the httpd error log on the master and it has this:
SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
My understanding is that this means that the CLIENT is not verifying the MASTER's certificate.
If I use cURL from the command line on this client that does work. I call cURL like this:
curl -v --cert /etc/letsencrypt/live/ssl3.demoserver.co.za/cert.pem
--cacert /etc/letsencrypt/live/ssl3.demoserver.co.za/combined.crt
--key /etc/letsencrypt/live/ssl3.demoserver.co.za/privkey.pem
https://ssl2.demoserver.co.za/index.php
In this case combined.crt is a file with both the comodo chain and the letsencrypt chain concatenated.
The PHP file looks like this:
<?php
$contextOptions = array(
'ssl' => array(
'verify_peer' => true,
'cafile' => '/etc/letsencrypt/live/ssl3.demoserver.co.za/combined.crt',
'local_cert' => '/etc/letsencrypt/live/ssl3.demoserver.co.za/keycert.pem',
'verify_depth' => 5,
'disable_compression' => true,
'SNI_enabled' => true
)
);
$sslContext = stream_context_create($contextOptions);
$options2 = array(
'uri' => 'https://ssl2.demoserver.co.za',
'location' => 'https://ssl2.demoserver.co.za/Soap.php',
'trace' => 1,
'stream_context' => $sslContext
);
$client = new SoapClient(NULL, $options2);
print "<span style=\"color:green;\">'".$client->GetData()."'<span>";
?>
The keycert.pem file is a concatenation of the private key and the certificate.
All of the servers are Centos7 with php 5.4.16
