CURL PHP Proper SSL between private servers with self-signed certificate
I originally had communication between two servers running with CURLOPT_SSL_VERIFYPEER set to "false" with no common name in the SSL certificate to avoid errors. Below is the code of the client that is connected to the server with the certificate:
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
However, I recently changed this code (set it to true) and specified the computers certificate in PEM format.
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,TRUE);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
curl_setopt($ch,CURLOPT_CAINFO,getcwd().'/includes/hostcert/Hostname.crt');
This worked fine on a local network from a test machine, since the certificate is signed with the hostname for CN. How to set up PHP code so that it only trusts the hostname computer and maintains a secure connection.
I am well aware that you can simply set CURLOPT_SSL_VERIFYHOST to "0" or "1" and CURLOPT_SSL_VERIFYPEER to "false", but these are not valid solutions as they violate SSL security.
My / etc / hosts file looks like this:
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost ExampleHostName
::1 localhost.localdomain localhost
source to share
You need to generate a certificate with a valid hostname as requested by the client. If you have used machine.local
for your internal name, but now want to use external clients calling it through machine.example.org
, then you need the certificate that you are using to be valid for machine.example.org
.
If you need both (since the same computer can be called with different hostnames), use the topic alias extension and put multiple DNS records in your certificate.
source to share