I’ve looked at a number of cURL PHP tutorials on the web and noticed “curl_setopt($RESTsession, CURLOPT_SSL_VERIFYPEER, false);” is often used for accessing secure websites via cURL. This is often seen when people ask “I cannot connect to HTTPS site using cURL” or have the “SSL certificate problem, verify that the CA cert is OK” error with cURL.
Ideally, you should set the SSL_VERIFYPEER value to true unless the server you are connecting to does not have a signed certificate. If you are sending confidential data, wouldn’t you want to make sure you are connecting to the correct server?
The first thing you need to do to get https requests is to get the correct CA certificate.
Here’s how to get the CA certificate using Mozilla Firefox 6.
1) On the address bar, visit the secure server that you will need to connect via https:. This will be used to retrieve the certificate file. In this example, I’m using Google.com. Click on the button to the left of the address bar. Click on the “More Information” button.
2) A page info window will popup. Click on the “View Certificate” button.
3) Click on the “View PEM” button. The “Export” feature does not include the necessary data for cURL to work properly.
4) Save the PEM File
5) Rename the file to YOURSERVER.pem. Save this file on your web server.
Now that you have the certificate, you will need to write the cURL PHP code:
// Replace with your remote server URL
$request = 'https://mysite.com/';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $request);
// Replace mysite.pem with name of your certificate file
curl_setopt($curl,CURLOPT_CAINFO,getcwd() . "/mysite.pem");
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
// Error checking
if(empty($curl)) { echo 'Curl error: ' . curl_error($curl); }
curl_close($curl);
Modify the $request variable to match the URL of your remote site (e.g. API) and change the mysite.pem file to the path to your CA file.
If everything works ok, the output of the remote site will be in the $response variable.
