Last Updated: February 25, 2016
·
12.45K
· gapple

Using Client SSL Certificates for PHP cURL Requests on OSX

Using Guzzle to interact with a web service that requires client SSL certificates, I was consistently getting an error that the certificate could not be loaded:

$httpClient->send($request, [
    'curl' => [
        CURLOPT_SSLCERT => 'path/to/cert.pem'
    ]
]);

cURL error 58: SSL: Can't load the certificate and its private key: OSStatus -61

The problem was that OSX's built-in cURL uses Apple's own Secure transport library instead of OpenSSL, and so only P12 format certificates are supported.

The obvious option is to convert your certificate into the expected format:

$ openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12

If using Homebrew, there's another option.

By default, when cURL is installed via Homebrew it makes use of the system's Secure Transport library. To reinstall it with OpenSSL instead:

$ brew rm curl && brew install curl --with-openssl

Then, by default, PHP makes use of the system's version of cURL. To use the Homebrew version of cURL instead:

$ brew uninstall php56 && brew install php56 --with-homebrew-curl

Restart your web server to load the updated PHP library, and it should now support the PEM format certificate.