Hi, I want to connect my Mikrotik with PHP from local host.
I enabled www-ssl service and create a self-sign certificate.
I can get a response from my router in cmd through this command
curl -k -u user:pass https://router_ip/rest/system/resource
but when I try to access it from my PHP code it says
Error:SSL certificate problem: self signed certificate in certificate chain
My PHP code are bellow
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, ‘https://router_ip/rest/interface/ether1’);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, ‘GET’);
curl_setopt($ch, CURLOPT_USERPWD, ‘user’ . ‘:’ . ‘pass’);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo ‘Error:’ . curl_error($ch);
}
curl_close($ch);
optio
2
try with
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
or if you want persist certificate verification
curl_setopt($ch, CURLOPT_CAINFO, "<path_to_ca_of_selfsigned_cert_pem>");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
Those will create might expose requests to MITM attackers.
I download and set cacert.pem from the http://curl.haxx.se/docs/caextract.html). webist
still same result
optio
4
I did not work with php for a log time, but I think problem is not related to ROS/MT unless you did not set (correct) certfigicate for www-ssl:
/ip/service set www-ssl certificate=<certificate> disabled=no
. Does this certificate work in browser without warning when it’s CA is added into browser/system trust store / keychain? You can try it by calling API respource or Webfig from browser.
Regarding php code I can only think of that something is wrong with loading certificate if CA is valid and in correct format. See more: https://stackoverflow.com/questions/21187946/curl-error-60-ssl-certificate-issue-self-signed-certificate-in-certificate-cha