SSL: no alternative certificate subject name matches target host name 'xxx'


11

Trying to run cURL in PHP gives me this error:

SSL: no alternative certificate subject name matches target host name 'xxx'

I would like to better understand this, and even debug the problem.

$arr["oi"] = "tchau";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.xxx.com/teste/recebe_requisicao.php");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $arr);

// Send the request once and keep the response body
$response = curl_exec($ch);

// Transfer details (http_code, primary_ip, ...) as JSON
$info = curl_getinfo($ch);
echo json_encode($info);

However, the return of curl_getinfo is this:

"http_code":0

There are other variables also returned, but I don’t understand which one is important to check.

The request is made from the server to itself. Note that other sites on the same machine do not give this error.


EDIT:

I ran tests using Postman, and there the request worked.

I do not understand why my server's request to itself gives an SSL error, while from Postman it is OK.

Funny that other sites from the same server are OK, no error....

EDIT 2

POSTMAN generated code to use in PHP with the Curl library

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://www.xxx.com/teste/recebe_requisicao.php",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_POSTFIELDS => "ola=valor",
  CURLOPT_HTTPHEADER => array(
    "Content-Type: application/x-www-form-urlencoded",
    "Postman-Token: 70cfc5b2-fd30-4605-ae73-b96c5cae0a92",
    "cache-control: no-cache"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

EDIT 3

I swapped the Let's Encrypt SSL certificate for a paid one I already had, just for peace of mind, but apparently that did not solve it.

  • I have uninstalled and installed the Let's Encrypt SSL certificate to check whether this was the problem.

  • 1

    Maybe SSL is having configuration problems. You can use this site (ssllabs.com) to test it; check the "Chain issues" information. Note: on this site you can hide the results by ticking the checkbox "Do not show the results on the boards". Another thing: as this request is local, wouldn't it be better to use http://localhost/?

  • 1

    Why are you making the server send a request to itself? Wouldn't it be enough to do a require, or even run the PHP file with the exec function?

  • 1

    @Icaromartins SSL is OK. The problem has been solved! And it wasn't in SSL, because I installed and reinstalled it 5 times (cPanel, Let's Encrypt and even 1 paid). So I talked to the host administrator, and it looks like there was an internal DNS problem (in the hosts file), so the admin switched it to the server's IP (there was another one there, unrelated), and it worked! If any of you manage to post an answer to the case, including solution #1: SSL error, and solution #2: DNS error, with a plausible explanation, you will be rewarded.

  • @Guilhermecostamilam Yes, I could, and it would save more resources (fewer requests), but I like to work that way! It doesn't compromise or affect anything, and if I ever notice that it's consuming resources, I'll improve it.

4 answers

0

Add this option:

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);

  • The HTTP code returned is 502. Actually, I tested this in production before, and it gave a Bad Gateway (502) error instead of returning the error mentioned in the topic.

  • 1

    Try using POSTMAN or Insomnia to do this test. Then you pass to the code.

  • Funny that using the RESTClient plugin (Firefox), for example, and making this same request, it works.

  • 1

    So do the test with these programs. They even generate the PHP code for you. Then you can see what's different.

  • I ran the tests. Postman gave OK, but my server requesting itself gave FAIL!! PS: I copied the code from Postman (in PHP cURL) and put it there; the error returned is the one mentioned in the topic: "SSL: no alternative certificate subject name matches target host name"

  • 1

    Post the code generated by Postman.

  • Okay, I edited the post and put.


0

Try to use the options CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER together, both with the value FALSE. It should solve your problem.

<?php

$arr["oi"] = "tchau";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.xxx.com/teste/recebe_requisicao.php");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // First option
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // Second option
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $arr);

// Send the request once and keep the response body
$response = curl_exec($ch);

$info = curl_getinfo($ch);
echo json_encode($info);

?>

0

Are you running PHP on the localhost? If yes, it is necessary to disable SSL. SSL works on the local machine, but Apache doesn't understand it that way. Add these lines in the CURL section.

[curl]
; The default value for CURLOPT_CAINFO. The absolute path of the certificate
; must be given.
;
; Where "/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem" is the absolute path.
; That is, it is the location where the cacert.pem file is saved in your distribution.
; If you do not have AMPPS and use XAMPP on Windows, the path would be:
;
; So you should not put the certificate's URL here; instead, download the certificate
; from the site:


curl.cainfo="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
openssl.cafile="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"

0

This usually happens when the certificate does not match the host name.

The solution would be to contact the host and ask them to correct their certificate. Otherwise, you can disable certificate checking in cURL with the -k (or --insecure) option. Note that, as the option says, it is insecure. You should not use this option in production, as it allows self-signed certificates.

More information may be found here.

In your case, just add this in dev environment:

// I assume you have an environment constant...
$app = APPLICATION_ENV;

// Verify certificates only in production
$permission = ($app == 'production');

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://www.xxx.com/teste/recebe_requisicao.php",
  // add here:
  CURLOPT_SSL_VERIFYPEER => $permission,
  // VERIFYHOST takes 2 (check the host name) or 0 (no check), not a boolean
  CURLOPT_SSL_VERIFYHOST => $permission ? 2 : 0,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_POSTFIELDS => "ola=valor",
  CURLOPT_HTTPHEADER => array(
    "Content-Type: application/x-www-form-urlencoded",
    "Postman-Token: 70cfc5b2-fd30-4605-ae73-b96c5cae0a92",
    "cache-control: no-cache"
  ),
));
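
To see why the name check fails only when the server calls itself, compare the address the host name resolves to on that machine with the names in the certificate actually presented there. The PHP script below is an added example, not code from the question or from any answer; its function names and the sample SAN list are constructed, and it looks only at DNS-type subjectAltName entries.

```php
<?php
// Added example; function names and the sample data are constructed.

// DNS names from a parsed certificate's subjectAltName extension.
function sanDnsNames(array $parsed): array {
    $raw = $parsed['extensions']['subjectAltName'] ?? '';
    preg_match_all('/DNS:([^,\s]+)/', $raw, $m);
    return array_map('strtolower', $m[1]);
}

// Name check as TLS clients apply it: exact match, or a wildcard that
// covers exactly one left-most label ("*.example.test").
function sanMatches(string $host, string $pattern): bool {
    $host = strtolower(rtrim($host, '.'));
    if ($pattern === $host) return true;
    if (strncmp($pattern, '*.', 2) !== 0) return false;
    $dot = strpos($host, '.');
    return $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

// Certificate names the server presents for $host, as seen from this machine.
// Verification is off here only so a mismatching certificate can be read.
function presentedSans(string $host, int $port = 443): array {
    $ctx = stream_context_create(['ssl' => [
        'capture_peer_cert' => true, 'peer_name' => $host,
        'verify_peer' => false, 'verify_peer_name' => false,
    ]]);
    $s = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                              STREAM_CLIENT_CONNECT, $ctx);
    if ($s === false) throw new RuntimeException("connect failed: $errstr");
    $cert = stream_context_get_params($s)['options']['ssl']['peer_certificate'];
    fclose($s);
    return sanDnsNames(openssl_x509_parse($cert) ?: []);
}

function report(string $host, string $ip, array $sans): string {
    $hits = array_filter($sans, fn($p) => sanMatches($host, $p));
    return sprintf("%s resolves to %s | SANs: %s | %s", $host, $ip,
        implode(', ', $sans), $hits ? 'MATCH' : 'NO MATCH');
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    // Live check; gethostbyname() uses the system resolver, hosts file included.
    echo report($argv[1], gethostbyname($argv[1]), presentedSans($argv[1])), "\n";
} else {
    // Constructed sample: the name lands on another site's certificate.
    echo report('www.example.test', '203.0.113.10',
        ['other-site.test', '*.other-site.test']), "\n";
}
```

Run it from the CLI on the affected server with the host name as the only argument for the live check; a NO MATCH together with an unexpected address points at local name resolution rather than at the certificate.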
