Wednesday 16 December 2009

Personal SSL Certs PHP Curl

I needed to connect to a gateway that used personal pkcs12 (p12) SSL certificates and could not find any decent docs online. The whole SSL thing can be confusing at the best of times, so I thought I would note down my experience.

PHP does not like pkcs12 certificates, so you need to convert them to PEM. The first command extracts the private key, the second the client certificate:

openssl pkcs12 -in cert-they-gave-you.p12 -out key.pem -nocerts

openssl pkcs12 -in cert-they-gave-you.p12 -out cert.pem -clcerts -nokeys

If they gave you a password and one is requested here, use that.
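A scripted version of the conversion above, as an added example that is not part of the original post: it runs the same two `openssl pkcs12` commands non-interactively, creates the PEM files readable only by their owner, and checks that the extracted certificate and key belong together. The function names and the `P12_PASS` / `PEM_PASS` environment variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: p12_to_pem cert-they-gave-you.p12 ./certs
#   P12_PASS  exported env var: the import password of the .p12 (assumed name)
#   PEM_PASS  exported env var: new pass phrase for key.pem, 4+ chars (assumed name)

# Runs in a subshell "( ... )" so the umask change does not leak to the caller.
p12_to_pem() (
    p12=$1; out=$2
    umask 077                          # key.pem / cert.pem are created owner-only
    mkdir -p "$out" || return 1
    # Private key only, re-encrypted under PEM_PASS.
    openssl pkcs12 -in "$p12" -nocerts -out "$out/key.pem" \
        -passin env:P12_PASS -passout env:PEM_PASS 2>/dev/null || return 1
    # Client certificate only, no keys.
    openssl pkcs12 -in "$p12" -clcerts -nokeys -out "$out/cert.pem" \
        -passin env:P12_PASS 2>/dev/null || return 1
    # Refuse to report success unless the two files form a pair.
    pem_pair_matches "$out/cert.pem" "$out/key.pem"
)

# Succeeds only if the certificate's public key equals the private key's
# public half; a mismatch is what curl reports as a key/cert error later.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin env:PEM_PASS 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

The pass phrase set through `PEM_PASS` is the one the key file will need afterwards, both for the `curl` test and in the PHP options.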

Test at the command line with:

curl --cert cert.pem --key key.pem https://url-to-service

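Then the same request from PHP:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://url-to-service');
curl_setopt($ch, CURLOPT_HEADER, 1);           // include response headers in the output
curl_setopt($ch, CURLOPT_VERBOSE, 1);          // log the TLS handshake to stderr while debugging
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // return the response instead of printing it
// Verify the gateway's certificate and host name. If the gateway uses a
// private CA, point CURLOPT_CAINFO at that CA's PEM file rather than
// switching verification off.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);      // treat HTTP status >= 400 as a failure
// Client certificate and private key produced by the openssl commands above.
// Keep the certs directory outside the web root.
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/certs/cert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'password');   // pass phrase protecting key.pem
curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd().'/certs/key.pem');

// Run the request and report transport or HTTP failures.
$result = curl_exec($ch);
if ($result === false) {
    echo 'cURL error: ' . curl_error($ch);
} else {
    echo $result;
}
curl_close($ch);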



PHP 5.2.3
cURL Information libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.10
Ubuntu 9.04
