Archive

Posts Tagged ‘self signed certificate’

Adding a Self Signed Certificate to Trusted Certificate on Linux

January 14, 2016 Leave a comment

Some times, when we generate self signed certificates, some libraries need it to be a part of the operating systems trusted certificates

I am doing this on CentOS 7 and for openSSL

This will only work for apps/libraries that use OpenSSLs trusted certificate list

I already have my self signed certificate in /etc/pki/tls/certs/my-self-signed-cert.crt

cp /etc/pki/tls/certs/devinviteright.crt /etc/pki/ca-trust/source/anchors

sudo update-ca-trust

PHP 5.6 and Self Signed Certificates for Soap, file_get_contents

November 18, 2015 Leave a comment

Operating System: CentOS 7
PHP: 5.6

This is only for local machine and local development – use at your own risk

I a using a self signed SSL certificate on my local development machine and many functions in PHP refuse to work with self signed certificates.
Some of the functions are

  • file_get_contents()
  • fopen()
  • SoapClient()

my domain name for local machine: localhost
my Self Signed SSL certificate in PEM format: localhost.crt

If i use any of these functions to access a HTTPS resource, the calls fail with invalid certificate
eg file_get_contentc(“https://localhost/test.csv”); will fail

the easiest method is to force add your self signed certificate to the trusted ca-authority in the operating system and openssl

# this should already be installed if you have openssl installed
yum -y install ca-certificates

# copy your self signed cert to the /etc/pki/ca-trust/source/anchors - change certificate path as necessary
cp /etc/pki/tls/certs/localhost.crt /etc/pki/ca-trust/source/anchors

# update
sudo update-ca-trust

now SoapClient, file_get_contents and fopen should work without problems

Other way to do it is to manually send in the stream_context to each of the calls like here

http://stackoverflow.com/questions/18465567/php-soapclient-verify-peer-true-fails-with-ca-signed-certificate