I'm trying to install the Amazon Web Services PHP SDK on my Ubuntu LAMP server. Whenever I run the compatibly check everything but cURL comes back okay. The issue I'm having is that it's reporting I don't have cURL with SSL. I uninstalled curl then installed curl-ssl with no avail.
Ubuntu – AWS PHP Curl with SSL
amazon-web-servicescurllampPHPUbuntu
Related Solutions
Make sure that you specify www.phaxio.com
, and not just phaxio.com
. The latter does not provide with a valid certificate, and could be your problem.
https://www.phaxio.com
is using a wildcard-certificate. This should validate as long as you specify a prefix to .phaxio.com. This means that phaxio.com
is invalid, but www.phaxio.com
is valid.
However, phaxio.com
actually presents itself with a certificate for an entirely different domain.
The date on the computer you're running curl
on could be set to a time outside the certificates validity period. It's valid from 18th September 2011
.
The root-certificate list could be too old - the CA-certificate is dated 19th February 2010
. (This is probably not the case in Ubuntu 10.10, though).
So it turns out that installing the ca-certificates package didn't install the one that I needed. I found this post about certificates being presented out of order. This seems to be the case with my request to sagepay.
The solution ended up being to install another CA certificate from Verisign. I'm not sure why this fixes the issue with it being out of order but it does, but I suspect the out of order issue really isn't a problem at all and it was infact because I was missing a certificate all along. The additional certificate is available in that post but I didn't want to blindly trust it. I've looked at the list of CA certificates from cURL's site and it is listed there so I do trust it.
The certificate:
Verisign Class 3 Public Primary Certification Authority
=======================================================
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMx
FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
XzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAz
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94
f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Ol
hec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtMEivPLCYA
TxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59Ah
WM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2Omuf
Tqj/ZA1k
-----END CERTIFICATE-----
I put this in a file in:
/usr/share/ca-certificates/curl/Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.crt
I then modified the /etc/ca-certificates.conf and added the following line at the end:
curl/Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.crt
After that I ran the command:
sudo update-ca-certificates
Looking into the /etc/ssl/certs directory I see it correctly linked:
ls -al | grep cURL
lrwxrwxrwx 1 root root 69 2012-03-27 16:03 415660c1.0 -> Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.pem
lrwxrwxrwx 1 root root 69 2012-03-27 16:03 7651b327.0 -> Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.pem
lrwxrwxrwx 1 root root 101 2012-03-27 16:03 Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.pem -> /usr/share/ca-certificates/curl/Verisign_Class_3_Public_Primary_Certification_Authority-from_cURL.crt
And everything works!
curl -I https://test.sagepay.com
HTTP/1.1 200 OK...
Best Answer
Maybe you forgot some packages to install
libcurl4-openssl-dev
?Then restart server:
This question should be on maybe serverfault.com/ubuntu