Client-side certificates are often used with SOAP web services. For example, the link to the WSDL file might require a client-side certificate. The server throws an error like this:

HTTP Error 403.7 - Forbidden: SSL client certificate is required.

Curl Command

To use a client-side certificate with curl, test the following command:

curl --cert certificate_file.pem https://www.example.com/some_protected_page

or

curl --cert certificate_file.pem:password https://www.example.com/some_protected_page

The above command should fetch the protected page that requires the client-side certificate.

PHP Code

Once the above command works, the equivalent code in PHP would be:

<?php
$url = "https://www.example.com/some_protected_page";
$cert_file = 'certificate_file.pem';
$cert_password = 'password';

$ch = curl_init();

$options = array(
    CURLOPT_RETURNTRANSFER => true,
    //CURLOPT_HEADER => true,
    CURLOPT_FOLLOWLOCATION => true,
    // Verify the server certificate and host name; for a private CA, point CURLOPT_CAINFO at its bundle
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
    //CURLOPT_VERBOSE => true,
    CURLOPT_URL => $url,
    // Client certificate (PEM) and the pass phrase protecting its private key
    CURLOPT_SSLCERT => $cert_file,
    CURLOPT_SSLCERTPASSWD => $cert_password,
);

curl_setopt_array($ch, $options);

$output = curl_exec($ch);

// curl_exec() returns false on failure; an empty response body is still a success
if ($output === false) {
    echo "Curl Error : " . curl_error($ch);
} else {
    echo htmlentities($output);
}

The above code would use the certificate file and the password to fetch the URL.

Certificate Formats

SSL certificates come in a variety of formats such as cer, pfx, pem, etc. When using curl, it's a good idea to convert pfx certificate files to pem format.

The openssl command can be used to do this.

$ openssl pkcs12 -in cert_file.pfx -out cert_file.pem

Enter Import Password:

MAC verified OK

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

$
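The conversion above, as an added example that is not part of the original article: the same openssl pkcs12 step run non-interactively, followed by a check that the resulting PEM holds a certificate together with its matching private key, which is what curl expects in the file given to --cert when no separate key file is supplied. The function names, file names, certificate subject and passwords are assumptions, and the sample PFX is constructed on the spot.

```shell
#!/bin/sh
# Added example. File names, subject and passwords are constructed sample values.

# Convert a PFX bundle to a PEM file usable with `curl --cert`.
# Passwords are read from the PFX_PASS / PEM_PASS environment variables so
# they do not appear on the command line or in the process list.
pfx_to_pem() (      # usage: pfx_to_pem in.pfx out.pem
    umask 077       # the PEM holds the private key: owner-only permissions
    openssl pkcs12 -in "$1" -out "$2" \
        -passin env:PFX_PASS -passout env:PEM_PASS 2>/dev/null
)

# Succeed only if the PEM contains a certificate AND the private key that
# belongs to it (the public key derived from each must be identical).
pem_is_usable() (   # usage: pem_is_usable file.pem
    cert_pub=$(openssl x509 -in "$1" -passin env:PEM_PASS -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$1" -passin env:PEM_PASS -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Build a throwaway self-signed client certificate and pack it as a PFX,
# standing in for the cert_file.pfx an administrator would hand you.
make_sample_pfx() ( # usage: make_sample_pfx workdir
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout key.pem -out cert.pem 2>/dev/null || exit 1
    openssl pkcs12 -export -inkey key.pem -in cert.pem \
        -out cert_file.pfx -passout env:PFX_PASS 2>/dev/null
)

# Round trip: sample PFX -> PEM -> verified.
demo() (
    export PFX_PASS='constructed-import-pass' PEM_PASS='constructed-pem-pass'
    work=$(mktemp -d) || exit 1
    make_sample_pfx "$work" &&
        pfx_to_pem "$work/cert_file.pfx" "$work/cert_file.pem" &&
        pem_is_usable "$work/cert_file.pem" &&
        echo "cert_file.pem holds a certificate and its matching private key"
    rc=$?
    rm -rf "$work"
    exit "$rc"
)
demo
```

A PEM that fails pem_is_usable (certificate only, or a key from a different pair) is a common reason the curl command keeps returning the 403.7 error after conversion.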