Php unable to set private key file type pem
I fixed my problem, when a create my own private.key to create my cert.pem don´t work but When I generate automatically with the page of visa (the private key) its work. and Also work when i do method GET .
When I do POST. I copy the sample parameters that show visa developer, but show an error
I think that I should change the structure the sample parametres of visa:
curl_setopt($tuCurl, CURLOPT_POSTFIELDS, json_encode("< 'acquirerCountryCode': '840', 'acquiringBin': '408999', 'amount': '124.02', 'businessApplicationId': 'AA', 'cardAcceptor': < 'address': < 'country': 'USA', 'county': '081', 'state': 'CA', 'zipCode': '94404' >, 'idCode': 'ABCD1234ABCD123', 'name': 'Visa Inc. USA-Foster City', 'terminalId': 'ABCD1234' >, 'foreignExchangeFeeTransaction': '11.99', 'localTransactionDateTime': '2020-07-15T02:46:25', 'retrievalReferenceNumber': '330000550000', 'senderCardExpiryDate': '2015-10', 'senderCurrencyCode': 'USD', 'senderPrimaryAccountNumber': '4895142232120006', 'systemsTraceAuditNumber': '451001', 'addressVerificationData': < 'street': 'XYZ St', 'postalCode': '12345' >>"));Great to hear that you have fixed your private key issue.
I tried the parameters that you were using and copied it to my testing tool and I was able to get a response successfully. Here’s my post request and response:
End Point https://sandbox.api.visa.com/visadirect/fundstransfer/v1/pullfundstransactions
Method POST
Request
«amount»: «124.02»,
«localTransactionDateTime»: «2020-07-15T02:46:25»,
«cardAcceptor»: «address»: «country»: «USA»,
«zipCode»: «94404»,
«county»: «081»,
«state»: «CA»
>,
«idCode»: «ABCD1234ABCD123»,
«name»: «Visa Inc. USA-Foster City»,
«terminalId»: «ABCD1234»
>,
«acquirerCountryCode»: «840»,
«acquiringBin»: «408999»,
«retrievalReferenceNumber»: «330000550000»,
«senderCurrencyCode»: «USD»,
«addressVerificationData»: «street»: «XYZ St»,
«postalCode»: «12345»
>,
«systemsTraceAuditNumber»: «451001»,
«businessApplicationId»: «AA»,
«senderPrimaryAccountNumber»: «4895142232120006»,
«foreignExchangeFeeTransaction»: «11.99»,
«senderCardExpiryDate»: «2015-10»
>
Response
«transmissionDateTime»: «2020-07-15T18:33:28.000Z»,
«approvalCode»: «98765X»,
«cpsAuthorizationCharacteristicsIndicator»: «3333»,
«transactionIdentifier»: 623422177635620,
«actionCode»: «00»,
«responseCode»: «5»
>
Response Header
Status Code: 200 OK
Server : nginx
Date : Wed, 15 Jul 2020 18:33:28 GMT
Content-Type : application/json;charset=UTF-8
Content-Length : 202
Connection : keep-alive
X-SERVED-BY : l55c014
X-CORRELATION-ID : 1594838008_500_923262086_l55c014_VDP_WS
X-APP-STATUS : 200
X-APP-STATUS : 200
X-Backside-Transport : OK OK,OK OK
X-Global-Transaction-ID : 1adcbd165f0f4bf8f2d78181
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=2592000;includeSubdomains
Cache-Control : no-cache, no-store, must-revalidate
Pragma : no-cache
Expires : -1
Content-Language : en-US
I was using the VDC Playground tool to test. It can be downloaded from your project asset page. Details can be found here: https://community.developer.visa.com/t5/Developer-Tools/How-to-test-and-troubleshoot-APIs-with-the-V.
Was your question answered? Don’t forget to click on «Accept as Solution» to help other devs find the answer to the same question.
Php – Curl Error: unable to set private key file: ‘test.pem’ type PEM
I check online for certificate decoder :
https://www.sslshopper.com/certificate-decoder.html
and certificate is valid on this site.
So what is the problem here i can’t figure it out.
I tried with ssl command also.
Best Solution
- one error was of pem file there is a error in pem file generation.
- another error is i didn’t include CURLOPT_SSLCERTPASSWD() in code.
curl_setopt($ch,CURLOPT_SSLCERTTYPE,"PEM"); curl_setopt($ch, CURLOPT_SSLCERT, "test.pem"); curl_setopt($ch, CURLOPT_SSLCERTPASSWD, '******'); // password Related Solutions
How to get .pem file from .key and .crt files
Your keys may already be in PEM format, but just named with .crt or .key.
If the file’s content begins with ——BEGIN and you can read it in a text editor:
The file uses base64, which is readable in ASCII, not binary format. The certificate is already in PEM format. Just change the extension to .pem.
If the file is in binary:
For the server.crt, you would use
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem For server.key, use openssl rsa in place of openssl x509 .
The server.key is likely your private key, and the .crt file is the returned, signed, x509 certificate.
If this is for a Web server and you cannot specify loading a separate private and public key:
You may need to concatenate the two files. For this use:
cat server.crt server.key > server.includesprivatekey.pem I would recommend naming files with «includesprivatekey» to help you manage the permissions you keep with this file.
How to set the authorization header using cURL
See part 6. HTTP Authentication
HTTP Authentication
HTTP Authentication is the ability to tell the server your username and password so that it can verify that you’re allowed to do the request you’re doing. The Basic authentication used in HTTP (which is the type curl uses by default) is plain text based, which means it sends username and password only slightly obfuscated, but still fully readable by anyone that sniffs on the network between you and the remote server.
To tell curl to use a user and password for authentication:
curl --user name:password http://www.example.com The site might require a different authentication method (check the headers returned by the server), and then —ntlm, —digest, —negotiate or even —anyauth might be options that suit you.
Sometimes your HTTP access is only available through the use of a HTTP proxy. This seems to be especially common at various companies. A HTTP proxy may require its own user and password to allow the client to get through to the Internet. To specify those with curl, run something like:
curl --proxy-user proxyuser:proxypassword curl.haxx.se If your proxy requires the authentication to be done using the NTLM method, use —proxy-ntlm, if it requires Digest use —proxy-digest.
If you use any one these user+password options but leave out the password part, curl will prompt for the password interactively.
Do note that when a program is run, its parameters might be possible to see when listing the running processes of the system. Thus, other users may be able to watch your passwords if you pass them as plain command line options. There are ways to circumvent this.
It is worth noting that while this is how HTTP Authentication works, very many web sites will not use this concept when they provide logins etc. See the Web Login chapter further below for more details on that.
Related Question
CURL with SSL certificates fails: error 58 unable to set private key file
The result I keep getting is error 58: unable to set private key file: ‘/home/. /domains/. /public_html/auth/key.pem’ type PEM.,Switch the order of the content in the key.pem file as suggested here: Unable to use libcurl to access a site requiring client authentication. No luck so far.,I’m trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected. So far I’m unsuccessful with this code below:, Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
I’ve fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:
I used the openssl CLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.
Answer by Mac Richard
This took me far too long to work out.,I kept getting the following error whilst trying to sign a cURL request:,You should see something that looks like the following:,To ensure that your certificate and key match, you can use the following commands:
I kept getting the following error whilst trying to sign a cURL request:
bashcurl: (58) unable to set private key file: 'server.key' type PEMTo ensure that your certificate and key match, you can use the following commands:
bash$ openssl x509 -noout -modulus -in server.crt | openssl md5$ openssl rsa -noout -modulus -in server.key | openssl md5You should see something that looks like the following:
(stdin)= 47f0c86371b31432504f195357cf2947 Answer by Mohammed Walter
I tryed use the function cURL how show the page of PHP, and I get the same error. This is the code :,I follow the tutorial in his page and I generate the «privateKey.pem» and I get the «cert.pem», and in his manual in PHP I set this certificates for use the API, but I get the error. ,I have this error When I run the api «funds_transfer_api» in my local with XAMPP, using its files in PHP :,I think that I should change the structure the sample parametres of visa:
else < echo 'Curl error: ' . curl_error($tuCurl); >curl_close($tuCurl); echo $tuData; ?>Answer by Egypt Acosta
It looks like when the crypto policy is to FUTURE we are unable to connect to the redhat repos with the following error:,I ended up on this post after deducing that the «future» setting broke the appstream repo with the same «weak security» cert error as above.,Hi we are tracking this in the following bugzilla,For me, only the appstream repo is affected, the base repo still works fine.
If you set update-crypto-policies to FUTURE, RSA key size must be >=3072 (man crypto-policies). But cdn.redhat.com delivers a key size of 2048.
yum update -v Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, uploadprofile Updating Subscription Management repositories. DNF version: 4.2.7 cachedir: /var/cache/dnf repo: downloading from remote: rhel-8-for-x86_64-appstream-rpms error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml [SSL certificate problem: EE certificate key too weak] (https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml). Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 0.0 B/s | 0 B 00:00 Cannot download 'https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried. Failed to download metadata for repo 'rhel-8-for-x86_64-appstream-rpms' Error: Failed to download metadata for repo 'rhel-8-for-x86_64-appstream-rpms'