PHP + cURL + SSL query
Hi,
I have a query with using cURL (SSL version) with PHP + cPanel. Using cURL with SSL you supposedly need to provide a bundle of trustable root certificates.
Using the following code:
[PHP]curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, 1);[/PHP]
I am not providing a certificate bundle and it still seems to work. So that's weird for starters?
Regardless I provide a bundle from /etc/pki/tls/certs/ca-bundle.crt:
[PHP]curl_setopt($curlSession, CURLOPT_CAINFO, '/etc/pki/tls/certs/ca-bundle.crt');[/PHP]
Now my question is, is it safe to use the ca-bundle.crt in this directory? Does cPanel update this as and when required?
Thanks
-
Hello :) Yes, it's acceptable to use the /etc/pki/tls/certs/ca-bundle.crt file for cURL. cURL should use this file by default, but you can verify this by running a test cURL command with the verbose flag on your server. EX: curl -v 'https://test.domain.tld/index.php' > test.index.html
Could you elaborate more on the question about the update of this file from cPanel? What's the behavior you are expecting? Thank you.0 -
Hi Michael, Thanks for the response. I just wondered if cPanel ever takes responsibility for updating the ca-bundle.crt file or it's left to the OS? As I understand it, the root certificates referenced in that file get updated semi-regularly thus the file needs to be kept up-to-date? 0 -
Hello :) The file you are referring to is controlled and updated by your operating system. For example, here's the output that shows which package is associated with the file: # rpm -qf /etc/pki/tls/certs/ca-bundle.crt ca-certificates-2015.2.6-70.1.el7_2.noarch
As far as automatically populating the CABundle field when installing a SSL certificate through cPanel/WHM, that's handled through an external cPanel repository. Thank you.0
Please sign in to leave a comment.
Comments
3 comments