[SOLVED] get page from SSL server that requires client cert?
Posted: Wed Oct 06, 2004 7:54 pm
How do you write a php script to get a page from an SSL webserver that requires a client certificate?
Is it even possible?
I was able to write a script that that gets a page from an SSL sever that does NOT require a client certificate. But it doesnt work when I point it to a SSL webserver that DOES require a client certificate. here is the script:
It works great when pointed to a regular apache SSL webserver
But when I point this script to an apache webserver that is running SSL and requires client certificates (SSLVerifyClient require ) I get the following error in the /var/log/httpd/error_log:
mod_ssl: SSL handshake failed (server 192.168.0.28:5678:5678, client 192.168.0.28) (OpenSSL library error follows)
OpenSSL: error:140890C7:SSL routines:func(137):reason(199)
I looked up reason code 199 in the ssl.h file and it says: SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
So, Im guessing that my little php script didnt send a client certificate to the SSL webserver when it was requested. And since the php script is running under apache, I am guessing that I need to configure apache to send a client certificate when it is requested unless it can be done from within php.
And yes, all my certificates are in order and I even imported a browser certificate into my browser and verified that the browser can communicate with the server in SSL mode properly.
Is it possible? Im already a week behind schedule!! Anybody need a good dishwasher?
Is it even possible?
I was able to write a script that that gets a page from an SSL sever that does NOT require a client certificate. But it doesnt work when I point it to a SSL webserver that DOES require a client certificate. here is the script:
Code: Select all
$fp = fsockopen ("ssl://192.168.0.28",5678, $errno, $errstr, 30 );
if (!$fp) {
echo "<br>ERROR: $errstr ($errno)";
} else {
$request = "GET / HTTP/1.0\r\n";
$request .= "Host: 192.168.0.28\r\n";
$request .= "Connection: Close\r\n\r\n";
fputs ($fp, $request);
while (!feof($fp)) {
$result = fgets($fp,1024);
print "$result\n";
}
fclose($fp);
}But when I point this script to an apache webserver that is running SSL and requires client certificates (SSLVerifyClient require ) I get the following error in the /var/log/httpd/error_log:
mod_ssl: SSL handshake failed (server 192.168.0.28:5678:5678, client 192.168.0.28) (OpenSSL library error follows)
OpenSSL: error:140890C7:SSL routines:func(137):reason(199)
I looked up reason code 199 in the ssl.h file and it says: SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
So, Im guessing that my little php script didnt send a client certificate to the SSL webserver when it was requested. And since the php script is running under apache, I am guessing that I need to configure apache to send a client certificate when it is requested unless it can be done from within php.
And yes, all my certificates are in order and I even imported a browser certificate into my browser and verified that the browser can communicate with the server in SSL mode properly.
Is it possible? Im already a week behind schedule!! Anybody need a good dishwasher?