daneesv Posted February 16 Posted February 16 Good day. I need to configure the following values in PHP: curl.cainfo = "/private/cacert.pem" openssl.cafile = "/private/cacert.pem" How can I do this? I have tried uploading php.ini, .user.ini, and .htaccess files, but the configuration is not applied. I am hosting an application that uses SOAP with cURL. How can I modify these values on HelioHost's shared hosting? Thank you! Quote
wolstech Posted Monday at 02:07 PM Posted Monday at 02:07 PM Krydos would have to answer this, but it's quite likely that you can't change this yourself, if it all. Quote
daneesv Posted Monday at 02:22 PM Author Posted Monday at 02:22 PM I understand. What I want is to use an AFIP/Argentina web service that connects to URLs like https://wsaa.afip.gov.ar/ws/services/*** using SoapClient in PHP. This works correctly on other hosting providers, but on HelioHost, I get the error: "Fatal error: Uncaught Exception: SOAP Fault: HTTP Could not connect to host". I believe there is an issue with the certificate configuration, specifically with the values of curl.cainfo and openssl.cafile. Is it possible to enable these connections in any way? Thank you! Quote
Krydos Posted Monday at 03:24 PM Posted Monday at 03:24 PM 1 hour ago, daneesv said: "Fatal error: Uncaught Exception: SOAP Fault: HTTP Could not connect to host". There's about 100 reasons why you could see this error, and yes SSL is one of them, but I doubt that is the case here. The SSL certificate for wsaa.afip.gov.ar seems fine and Johnny's curl is accepting the connection with SSL just fine. Quote
daneesv Posted Tuesday at 03:20 AM Author Posted Tuesday at 03:20 AM Okay! Thanks! I'll try to solve the problem another way... Quote
Krydos Posted Tuesday at 03:41 AM Posted Tuesday at 03:41 AM Do you have a test file I can take a look at? Quote
daneesv Posted Tuesday at 05:15 AM Author Posted Tuesday at 05:15 AM The problem has been resolved. Thank you very much for your attention. The Heliohost server rejects the SSL connection with AFIP because the DH (Diffie-Hellman) key is too small and is not considered secure. Heliohost has strict SSL security settings that block connections with small DH keys. The AFIP server uses an old or weak DH key, which causes Heliohost to reject the connection. OpenSSL on Heliohost is blocking connections with certain ciphers. The solution was to add the following context to the SOAP connection: 'stream_context' => stream_context_create([ 'ssl' => [ 'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, 'verify_peer' => false, 'verify_peer_name' => false, 'ciphers' => 'DEFAULT:@SECLEVEL=1' ] ]) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.