I'll explain the situation.
Short version is that I have received an SSL certificate and I need to include it in some HTTP requests. And I haven't managed to correctly do it.
I'm using Guzzle to make the requests.
I have received the certificate as a string starting with
$client = new GuzzleHttp\Client(['base_uri' => 'https://theuri.com']);
$client->request('GET', 'getit', ['cert' => 'path/to/mycert.pem' ]);
cURL error 35: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
$client->request('GET', '/getit', ['verify' => 'path/to/mycert.pem']);
GuzzleHttp\Exception\ConnectException with message 'cURL error 35: SSL peer handshake failed, the server most likely requires a client certificate to connect (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)'
Okay, I've figured this out now. I hadn't had any experience with certificates before. I did it all on OS X but you should get the picture. Some things, like adding a private key to your keychain, are probably different.
To do that, you need the certificate itself and the private key, which goes with it. In terminal you can do it with the openssl command. The full command is
openssl pkcs12 -export -clcerts -inkey ~/private.key -in ~/certificate.crt -out MyCertPKCS12.p12 -name "Full Name"
Now you've created a file MyCertPKCS12.p12 that you have to add to your Keychain and include with HTTP requests. The file goes with a password and you will be asked to enter it once you run this command.
Opened Keychain Access and imported the .p12 file. At first had some trust issues and had to manually set which components trust the certificate. To do that, open Keychain Access. In the top left corner is a list of Keychains, select System and you will see your freshly added certificate there. Double click it to open and you can set what trusts this certificate from there.
First, if you have to do a simple GET request, you can type the URL into your browser and you should be asked if you allow using a certificate. Allow it and select the certificate. Everything should work now. If not, google the error message.
Doing a GuzzleHttp request with the certificate goes as follows:
$client = new GuzzleHttp\Client(['base_uri' => 'https://muchsecure.wow']);
$cert = "/path/to/MyCertPKCS12.p12";
$method = "GET"; // or whatever the method is
$response = $client->request($method, '/getinfo', ['cert' => [$cert, 'epicpasswordISetForTheP12File']]);
And now you've made a request to url https://muchsecure.wow/getinfo with the certificate.
If you have any more questions I'll be happy to help you all.
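A pre-flight check for the export step above, as an added example that is not part of the original answer: it confirms that the private key belongs to the certificate before running the same `openssl pkcs12 -export` command, then confirms the bundle opens with its password. The function names, the throwaway self-signed pairs and the password are constructed for illustration, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: sanity checks around the PKCS#12 export used for a client cert.

# key_matches_cert KEY CERT -> 0 if the key's public half equals the cert's.
# Returns 2 if either file cannot be parsed. Assumes an unencrypted key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# make_p12 KEY CERT OUT PASSWORD: the export from the answer, non-interactive.
# The password is passed through the environment, not on the command line,
# so it does not show up in the process list.
make_p12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not belong to certificate" >&2
        return 1
    }
    P12_PASS="$4" openssl pkcs12 -export -clcerts -inkey "$1" -in "$2" \
        -out "$3" -name "constructed-client" -passout env:P12_PASS
}

# p12_opens FILE PASSWORD -> 0 if the bundle's MAC verifies with that password.
p12_opens() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -noout \
        -passin env:P12_PASS >/dev/null 2>&1
}

# Demo on constructed throwaway material (self-signed, valid for one day).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
gen_pair() {  # gen_pair NAME: writes $tmp/NAME.key and $tmp/NAME.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$tmp/$1.key" -out "$tmp/$1.crt" 2>/dev/null
}
gen_pair alice && gen_pair bob

# Matching pair: export succeeds and the bundle opens with its password.
make_p12 "$tmp/alice.key" "$tmp/alice.crt" "$tmp/alice.p12" 'constructed-pass' \
    && p12_opens "$tmp/alice.p12" 'constructed-pass' \
    && echo "alice.p12 created and verified"

# Wrong key for this certificate: rejected before any file is written.
make_p12 "$tmp/bob.key" "$tmp/alice.crt" "$tmp/bad.p12" 'constructed-pass' \
    || echo "mismatched key/certificate rejected"
```

Running the same two checks on the real key, certificate and .p12 file before passing the bundle to the `cert` option helps separate a bad bundle from a server-side rejection.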