
I have the following curl command

sudo curl -E openyes.crt.pem --key openyes.key.pem https://sky.myapitutorial.in:444/app/live/get

which works fine. But when I try to do the same from Guzzle, it's failing.

I am unable to pass the client certificates in the request.

This is what I tried

$headers = ['Content-Type' => 'application/json','X-Client-Id' => config('mykey') , 'X-Client-Secret' => config('mykey')];

$client = new client();

try {
    $response = $client->post(
        $endpoint
        ,
        ['json' => $content, 'headers' => $headers,['connect_timeout' => 650]],
        [
            'config' => [
                'curl' => [
                    'CURLOPT_SSLKEY' => base_path().'/openyes.key.pem',
                    'CURLOPT_SSLCERT' => base_path().'/openyes.crt.pem',
                    'CURLOPT_VERBOSE' => true
                ],
            ]
        ],
        ['debug'=>true],
        ['http_errors' => false]
    );

    dd($response);

}
catch (GuzzleHttp\Exception\ClientException $e) {
    $response = $e->getResponse();
    throw $e;
}

I couldn't find any solution in Guzzle documentation.

Any idea why this is not working?

The error I am getting is

cURL error 35: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (see http:\/\/curl.haxx.se\/libcurl\/c\/libcurl-errors.html)
Ajeesh

1 Answer


You can use ssl_key and cert:

$response = $client->post(
    $endpoint, [
        'json' => $content,
        'headers' => $headers,
        'connect_timeout' => 650,
        // add these
        'cert' => '/path/to/openyes.crt.pem',
        'ssl_key' => '/path/to/openyes.key.pem'
    ]
);

If they have a pass phrase, you can set them like this:

        'cert' => ['/path/to/openyes.crt.pem', 'password'],
        'ssl_key' => ['/path/to/openyes.key.pem', 'password']
Starx
Federkun
  • I got this now: cURL error 58: unable to set private key file: '/Users/ajeesh/Documents/Open/open-sme-backend-live/private.key' type PEM (see http://curl.haxx.se/libcurl/c/libcurl-errors.html). My private key has a pass phrase. How do I pass it? – Ajeesh Mar 31 '18 at 16:39
  • As an array, where the password is the second element. I amended my answer with an example. – Federkun Mar 31 '18 at 16:41
  • You will get your bounty soon :) It worked like a charm! – Ajeesh Mar 31 '18 at 16:44
  • Glad to hear that :D – Federkun Mar 31 '18 at 16:44
  • I am getting an error "cURL error 35: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate" when the same is run on my production server. Locally the code works fine. – Ajeesh Apr 01 '18 at 06:22
  • Can you verify the path of `/path/to/openyes.crt.pem` on production, the permissions, and if the web server can read it? `var_dump(file_exists('/path/to/openyes.crt.pem'));` ? – Federkun Apr 01 '18 at 08:14
  • I got 'bool(true)' as the response to the var dump. The permission is 644. – Ajeesh Apr 01 '18 at 17:27
  • What if I want to give the URL of the cert file instead of a disk path, as my cert file is placed somewhere else remotely? – Hafiz Jun 07 '18 at 08:45
  • You might also need to add 'verify' => false, – ejntaylor Feb 22 '23 at 15:54
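
A preflight check for the `cert` / `ssl_key` options from the answer, as an added example that is not part of the original thread: it validates the client certificate and key locally (readable, passphrase correct, key matches certificate, certificate in date) before the TLS handshake, and keeps `verify` enabled so the server certificate is still validated. The helper name `mtlsOptions`, the temp file names and the passphrase are assumptions made for illustration; the sample pair is generated on the fly.

```php
<?php
// Added example: preflight checks for a client cert/key pair before handing it to Guzzle.
// mtlsOptions() is a hypothetical helper name; it returns Guzzle request options.
function mtlsOptions(string $certPath, string $keyPath, ?string $passphrase = null): array
{
    foreach ([$certPath, $keyPath] as $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("Not readable by this PHP user: $path");
        }
    }
    // Hardening check: the private key should not be readable by group/other (0600, not 0644).
    if ((fileperms($keyPath) & 0077) !== 0) {
        throw new RuntimeException("Private key permissions too open: $keyPath");
    }
    $cert = openssl_x509_read(file_get_contents($certPath));
    if ($cert === false) {
        throw new RuntimeException("Not a PEM certificate: $certPath");
    }
    // A wrong or missing passphrase fails here instead of surfacing as a cURL error.
    $key = openssl_pkey_get_private(file_get_contents($keyPath), $passphrase ?? '');
    if ($key === false) {
        throw new RuntimeException("Cannot load private key (wrong passphrase?): $keyPath");
    }
    // A certificate that does not belong to this key cannot complete client authentication.
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Certificate and private key do not match');
    }
    $info = openssl_x509_parse($cert);
    if ($info['validTo_time_t'] < time() || $info['validFrom_time_t'] > time()) {
        throw new RuntimeException('Client certificate is outside its validity period');
    }
    return [
        'cert'    => $certPath,
        'ssl_key' => $passphrase === null ? $keyPath : [$keyPath, $passphrase],
        'verify'  => true, // keep server certificate validation on
    ];
}

// Constructed sample input: a throwaway self-signed pair with a passphrase-protected key.
$dir  = sys_get_temp_dir();
$pass = 'constructed-passphrase';
$pkey = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'example-client'], $pkey);
openssl_x509_export_to_file(openssl_csr_sign($csr, null, $pkey, 1), "$dir/client.crt.pem");
openssl_pkey_export_to_file($pkey, "$dir/client.key.pem", $pass);
chmod("$dir/client.key.pem", 0600);

print_r(mtlsOptions("$dir/client.crt.pem", "$dir/client.key.pem", $pass));
```

Merge the returned array into the request options, for example `$client->post($endpoint, ['json' => $content, 'headers' => $headers] + mtlsOptions($certPath, $keyPath, $pass))`.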