The website is saying "You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with your digital certificate.".
I have gotten this message every time, so rather than connection time expiring, I think that my attempt of authenticating is just not working.
The way I am doing this is I start with just a pfx file, and a passphrase to open it. I make the pem certificate with openssl and the pfx.
Code:
<?php
$pfx_path = 'me.pfx';
$pfx_pass = 'foopass123';
$pfx_values = [];
openssl_pkcs12_read(file_get_contents($pfx_path), $pfx_values, $pfx_pass);
$cert_path = 'me.pem';
file_put_contents($cert_path, $pfx_values['cert'] . "
" . $pfx_values['pkey']);
$postfields = 'field1=val1&field2=val2&field3=val3';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL , 'https://www.example.com');
curl_setopt($ch, CURLOPT_POST , true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS , $postfields);
curl_setopt($ch, CURLOPT_SSLCERT , $cert_path);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
$curl_result = curl_exec($ch);
$curl_info = curl_getinfo($ch);
curl_close($ch);
Result of executing the code (showing just a quote of the HTML of $curl_result):
You are not authenticated with digital certificate, or possibly the connection time expired. Authenticate again with digital certificate.
By the way, $curl_info['ssl_verify_result']
is 0, which I guess means that at least the server was correctly authenticated.
EDIT: removed CURLOPT_SSLCERTPASSWD
because it's not necessary, the pfx file was already open with the password, and its private and public key were put naked into $cert_path
.