Integrations and APIs for Service

Get Involved. Join the Conversation.

Topic

    jraynor
    CURL Certificates in a CPMAnswered
    Topic posted February 11, 2019 by jraynor Silver Medal: 2,000+ Points, tagged Connect PHP, Custom Process Models - CPMs 
    124 Views, 7 Comments
    Title:
    CURL Certificates in a CPM
    Summary:
    Need help with a curl error due to lack of certificates in CPM
    Content:

    I have created an asynchronous CPM that uses cURL to call a json web API we have outside of Oracle. The web API is actually hosted as an Azure API, and I am able to successfully reach the API, and get a valid response in Postman with no custom certificates. When I insert the cURL part of the code into the CPM. I get the following error. 

    ---------------------------------------------------
    error setting certificate verify locations:
    CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath:none
    ---------------------------------------------------

    Has anyone come across how to resolve this? I do not wish to disable verify peer.

     

    Best Comment

    Robert Surujbhan

    For the Intermediate Certs directory (File Manager), here is the correct directory path to use for a file:

    /cgi-bin/interface.db/certs/uca/CERTFILENAME.pem
    

    For the Additional Root Certs area, it would be:

    /cgi-bin/interface.db/certs/ca/CERTFILENAME.pem
    

    For "interface.db", if you are using a Test site, remember to use the full explicit name here, e.g. siteinterface__tst1.db.

    Can you try these when setting CURLOPT_CAINFO in your code?

    Comment

     

    • Robert Surujbhan

      Hello. In your CPM's cURL code, are you setting the CURLOPT_CAINFO and/or CURLOPT_SSLCERT options?

    • jraynor

      I have tried setting the CURLOPT_CAINFO using both '/cgi-bin/XXXXXX.db/certs/ca.pem'  as well as '/cgi-bin/XXXXXX.db/certs/intermediate/CERTNAMEHERE.pem' 

      The latter I tried exporting the root cert from the API url in Chrome and adding it to the Intermediate Certs directory in File Manager. I also tried putting this in root Certs directory, but keep getting an invalid file error. 

    • Robert Surujbhan

      For the Intermediate Certs directory (File Manager), here is the correct directory path to use for a file:

      /cgi-bin/interface.db/certs/uca/CERTFILENAME.pem
      

      For the Additional Root Certs area, it would be:

      /cgi-bin/interface.db/certs/ca/CERTFILENAME.pem
      

      For "interface.db", if you are using a Test site, remember to use the full explicit name here, e.g. siteinterface__tst1.db.

      Can you try these when setting CURLOPT_CAINFO in your code?

    • jraynor

      I am trying this in a test site. which is siteinterface--tst  

      Should that --tst change into __tstd,db? Are the hyphens invalid in the case of the db name?

    • Robert Surujbhan

      For siteinterface--tst, it would be siteinterface__tst.db (two underscores before 'tst' and a period before 'db').

    • jraynor

      Robert, you are the BEST! I've read numerous posts, and even had other developers insist that even in a test site the db is always sitename.db regardless, as well as leaving off the ca/uca parts of the path. I got it working, thank you so much for taking the time to help out and point out the the uca and ca paths also.

    • jraynor

      The final solution in my case was using CURLOPT_CAINFO=> '/cgi-bin/sitename__tst.db/certs/uca/CERTFILE.pem' while having the cert file hosted in the intermediate certificates directory in file manager.