http://us4.php.net/manual/en/function.curl-setopt.php
My best guess is:
CURLOPT_CAPATH for the root certificate CURLOPT_SSLCERT for the client certificate CURLOPT_SSLCERTPASSWD for what? the private key?
Are both the certificate and private key in the same file for the end user certificate? It would look something like this:
=====
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,3F4B1C0D9A4B5457
eiKGOs1ITvDp5B1rhcJQVF2ICXenhLaeXiY5LRY8Ufq/kRj7zPPjNzytpVTW0QWL ...stuff... fsghY8l/C5CRY92uxBFbnG6pi3VXQCsmC6Xksi5w7z6KhRTdiyDAXJuoXMTy6XOj -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIGUTCCBTmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCB1DELMAkGA1UEBhMCVVMx ...stuff... pbaRwTSjQIND/VF9w1aDWjCyP/PgfaQKVddZ5O9BgRd74W46VA== -----END CERTIFICATE-----
=====
The key and certificate might be in either order. If so, and if the private key is encrypted, then SSLCERTPASSWD would be the decrypt password for the private key.
And again, I don't know enough about the PHP setup to know why you didn't have to do this before. My guess would be that there is some --with-SSL-cert-directory setup parameter in the curl installation that somehow got left out the second time, or that there is some environment variable or php.ini statement that got left out the second time.
Of course, if you DO find curl_setopt or curl_easy_setopt lines in your source code, it would tell you where to put those certificates, or even let you move their location to somewhere YOU control.
Note: pay special attention to keeping that SSLCERTPASSWD secret, that is the crown jewels. If the private key is not encrypted (the DEK-Info: header not there) then the private key itself is the crown jewels. Certificates are never secret. That is the whole idea...
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
