cURL PHP Proper SSL between private servers with self-signed certificate

Posted by PolishHurricane on Stack Overflow
Published on 2012-06-05T16:32:00Z Indexed on 2012/06/05 16:40 UTC

I originally had a connection between my 2 servers running with CURLOPT_SSL_VERIFYPEER set to "false" with no Common Name in the SSL cert to avoid errors. The following is the client code that connected to the server with the certificate:

curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);

However, I recently changed this code (set it to true) and specified the computer's certificate in PEM format.

curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,TRUE);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
curl_setopt($ch,CURLOPT_CAINFO,getcwd().'/includes/hostcert/Hostname.crt');

This worked great on the local network from a test machine, as the certificate is signed with its hostname for a CN. How can I set up the PHP code so it only trusts the hostname computer and maintains a secure connection?

I'm well aware you can just set CURLOPT_SSL_VERIFYHOST to "0" or "1" and CURLOPT_SSL_VERIFYPEER to "false", but these are not valid solutions as they break the SSL security.
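
An added example, not part of the original post or of any answer to it: one way to keep both verification options on and limit trust to the single self-signed certificate by also pinning its public key. The function names and the URL are hypothetical; CURLOPT_PINNEDPUBLICKEY is assumed to be available (PHP 7.0.7 or later, built against a libcurl that supports "sha256//" pins).

```php
<?php
// Added example: helper names are hypothetical; the path follows the question's layout.

/** SHA-256 pin of the certificate's public key, in libcurl's "sha256//<base64>" form. */
function spki_pin_from_cert(string $certPem): string
{
    $key = openssl_pkey_get_public($certPem);        // accepts a PEM X.509 certificate
    if ($key === false) {
        throw new RuntimeException('Cannot read a public key from the certificate');
    }
    $pem = openssl_pkey_get_details($key)['key'];    // "-----BEGIN PUBLIC KEY-----" PEM
    $der = base64_decode(preg_replace('/-----[^-]+-----|\s+/', '', $pem));
    return 'sha256//' . base64_encode(hash('sha256', $der, true));
}

/** GET $url over TLS, accepting only the server whose certificate is in $certFile. */
function fetch_from_pinned_host(string $url, string $certFile): string
{
    $certPem = file_get_contents($certFile);
    if ($certPem === false) {
        throw new RuntimeException("Cannot read $certFile");
    }
    $ch = curl_init($url);
    $ok = curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,  // never fall back to plain HTTP
        CURLOPT_FOLLOWLOCATION  => false,            // do not follow redirects to other hosts
        CURLOPT_SSL_VERIFYPEER  => true,             // chain must end at a trusted certificate
        CURLOPT_SSL_VERIFYHOST  => 2,                // name in the URL must match the certificate
        CURLOPT_CAINFO          => $certFile,        // the self-signed cert as trust anchor
        // Depending on how libcurl was built, a default CA directory may still be
        // consulted alongside CAINFO; the key pin rejects every other server key.
        CURLOPT_PINNEDPUBLICKEY => spki_pin_from_cert($certPem),
    ]);
    if (!$ok) {
        throw new RuntimeException('A TLS option was rejected; refusing to connect');
    }
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException(
            sprintf('TLS request failed (%d): %s', curl_errno($ch), curl_error($ch))
        );
    }
    return $body;
}

// Usage (placeholder URL; the host name must be the one the certificate was issued for):
// echo fetch_from_pinned_host('https://Hostname/', getcwd() . '/includes/hostcert/Hostname.crt');
```

The request fails closed: a different certificate, a different key, or a host name that does not match the certificate all surface as an exception rather than a silent downgrade.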

© Stack Overflow or respective owner