I am trying to use a free client certificate from cacert.org in a curl call. Check the following...
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://url.com');
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLCERT, 'cert.crt'); // PEM file downloaded from the CA
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml); // $xml holds the XML request body
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if ($response === false) {
    echo curl_error($ch); // this is where the error below is reported
}
I have downloaded the certificate as PEM; now I am getting the following error...
unable to set private key file: 'cert.crt' type PEM
I have tried every way but could not fix it, and tried Google as well. Please help.
I believe the problem is that your certificate file does not contain the private key and it isn't being supplied separately using the CURLOPT_SSLKEY option, which points to the corresponding private key for the certificate. I'm guessing the certificate was issued to you from the CA and installed in your browser. When this happens the private key is stored by the browser in a secure location separate from the cert (depends on the OS & browser).
Most browsers won't let you export the certificate and private key without encrypting it (supplying a password). But based on the contents of your PEM file, there is no corresponding private key.
To resolve this you'll probably have to go through a few steps:
The problem now is that the private key is encrypted and it needs to be unencrypted for cURL as far as I know. Use openssl to decrypt the private key and export the certificate and key to PEM format:
openssl pkcs12 -in cert.p12 -nodes
(This will ask for the password used to encrypt when you exported from the browser. cert.p12 is the cert & private key in PKCS12 format; -nodes allows the private key to be exported without encryption.) This will print the certificate and key in PEM format to standard output.
You should see two sections: the certificate and the private key.
You already have the cert most likely, but you need to save the private key to another file. Since it isn't encrypted on the server, take great care to set the permissions properly, typically 0400, so other users can't access it.
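Putting the answer together in PHP, as an added example (not code from the question or the answer): the certificate and the private key are passed as two separate PEM files via CURLOPT_SSLCERT and CURLOPT_SSLKEY, the key file is refused if other users can read it, and CURLOPT_SSLKEYPASSWD is shown as the alternative to storing the key unencrypted. The file names and URL are assumptions.

```php
<?php
// Added example. Builds a cURL handle for a client certificate whose private
// key lives in its own PEM file. File names below are assumed, not real.

function clientCertHandle(string $url, string $certPem, string $keyPem,
                          ?string $keyPass = null, ?string $caBundle = null)
{
    foreach ([$certPem, $keyPem] as $f) {
        if (!is_readable($f)) {
            throw new RuntimeException("cannot read $f");
        }
    }
    // The key file is the credential: refuse it if group/other have any access.
    $mode = fileperms($keyPem) & 0777;
    if ($mode & 0077) {
        throw new RuntimeException(sprintf('%s is mode %04o; expected 0400 or 0600', $keyPem, $mode));
    }
    // Catch the original mistake early: a cert-only file has no PRIVATE KEY block.
    if (strpos((string) file_get_contents($keyPem), 'PRIVATE KEY-----') === false) {
        throw new RuntimeException("$keyPem does not contain a PEM private key");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER => true,   // verify the server's certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,      // and that its name matches the URL
        CURLOPT_SSLCERTTYPE    => 'PEM',
        CURLOPT_SSLCERT        => $certPem,
        CURLOPT_SSLKEYTYPE     => 'PEM',
        CURLOPT_SSLKEY         => $keyPem, // the key the question's code was missing
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 30,
    ]);
    if ($keyPass !== null) {
        // cURL can unlock an encrypted PEM key itself, so the key may stay
        // encrypted on disk instead of being exported with -nodes.
        curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $keyPass);
    }
    if ($caBundle !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $caBundle); // CA bundle that issued the server cert
    }
    return $ch;
}

$ch = clientCertHandle('https://url.com', 'client-cert.pem', 'client-key.pem');
$response = curl_exec($ch);
if ($response === false) {
    fwrite(STDERR, 'cURL error: ' . curl_error($ch) . "\n");
}
curl_close($ch);
```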