I’ve spent a few hours trying to get cURL (in PHP) to work with the Swedish BankID service, and running into the following two certificate errors:
CURL ERROR 60: SSL certificate problem: unable to get local issuer certificate
CURL ERROR 77: error setting certificate verify locations:
CAfile: C:testbankidbankid_test_server.pem
CApath: C:testbankidbankid_test_server.pem
The code I’m using to initialize cURL is the following:
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd().DIRECTORY_SEPARATOR.$bankidServerCertFile);
curl_setopt($ch, CURLOPT_CAPATH, getcwd().DIRECTORY_SEPARATOR.$bankidServerCertFile);
curl_setopt($ch, CURLOPT_SSLCERT, $clientCertFile);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $clientCertPass);
curl_setopt($ch, CURLOPT_SSLKEY, $clientCertKeyFile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $clientCertKeyPass);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
I’ve tried various variations of the CURLOPT_CAINFO and CURLOPT_CAPATH options, but I still get either of the two errors (when I try some variations of the options I get one, when I try some other variations I get the other error).
I got the server certificate by following the advice to export it using Firefox, as described in this SO question. The certificate file is in the correct location and readable.