Allowing PHP cURL to access self-signed websites without verifying the SSL certificate

PHP Frameworks / Web Development
|
Post Views: 24,120
| By Webner

By default, each cURL request can access only SSL certified websites. However, at times it is required to access those sites which are self-signed. To verify that your cURL request is able to access self-signed websites or not, use below command:

curl <URL of the domain to be access>

If your request is able to access the website, then it must return some default response from the server. In case of certificate error, the request will throw below SSL error:
1
To turn off the verification of the SSL certificate for your cURL, add below line to your request:

curl_setopt ( $curl, CURLOPT_SSL_VERIFYPEER, false);

Along with this, add CA certificate for creating self-signed requests to access remote SSL certified websites. To download the file, visit below mentioned website:

https://curl.haxx.se/docs/caextract.html

Download the latest version of cacert.pem file from the website and place it at the same location where your curl request file exists.

After completing above steps your cURL request is ready to access self-signed websites without throwing any errors.

Below is a sample cURL request in PHP:

<?php
function generateToken() {
$service_url = 'https://URLToAccess';
$curl = curl_init ( $service_url );

$loginRequest = array (
'username' => 'testUser',
'password' => 'test123',
);

$data_string = json_encode ( $loginRequest );
print_r($data_string);
$options = array (
CURLOPT_RETURNTRANSFER => true, // true to return the result as string of value
CURLOPT_HTTPHEADER => array (
'Content-Type: application/json','Content-Length: ' . strlen ( $data_string ) //sets custom HTTP headers
)
);
curl_setopt_array ( $curl, $options ); //setting options for curl request
curl_setopt ( $curl, CURLOPT_CUSTOMREQUEST, "POST" ); //sending the request as post/get

// connect to the link via SSL without checking certificate
curl_setopt ( $curl, CURLOPT_SSL_VERIFYPEER, false); //false will prevent curl from verifying the SSL certificate

$response_json = curl_exec ( $curl ); //execute curl
curl_close ( $curl );
$response = json_decode($response_json ,true); //decoding the response in json format
print_r($response);
}

generateToken(); //calling the function
?>

Related posts:

  1. Sendgrid | Display sender name with email in “from” field
  2. Java | SSL and SSLHandshakeException for self-signed websites
  3. Curl | How to test a Restful web service using curl
  4. SSL certificate problem: unable to get local issuer certificate

Leave a Reply

Your email address will not be published. Required fields are marked *