Community discussions

MikroTik App
 
suvasishpaul
just joined
Topic Author
Posts: 5
Joined: Tue Jun 30, 2020 7:14 am

Mikrotik Rest API with PHP

Thu Apr 13, 2023 1:34 pm

Hi, I want to connect my Mikrotik with PHP from local host.
I enabled www-ssl service and create a self-sign certificate.

I can get a response from my router in cmd through this command
curl -k -u user:pass https://router_ip/rest/system/resource

but when I try to access it from my PHP code it says
Error:SSL certificate problem: self signed certificate in certificate chain
My PHP code are bellow

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://router_ip/rest/interface/ether1');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_USERPWD, 'user' . ':' . 'pass');

$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Mikrotik Rest API with PHP

Thu Apr 13, 2023 2:18 pm

try with
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
or if you want persist certificate verification
curl_setopt($ch, CURLOPT_CAINFO, "<path_to_ca_of_selfsigned_cert_pem>");
 
suvasishpaul
just joined
Topic Author
Posts: 5
Joined: Tue Jun 30, 2020 7:14 am

Re: Mikrotik Rest API with PHP

Sat Apr 15, 2023 8:53 am

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

Those will create might expose requests to MITM attackers.

I download and set cacert.pem from the http://curl.haxx.se/docs/caextract.html). webist

still same result
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Mikrotik Rest API with PHP

Sat Apr 15, 2023 12:30 pm

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

Those will create might expose requests to MITM attackers.

I download and set cacert.pem from the http://curl.haxx.se/docs/caextract.html). webist

still same result
I did not work with php for a log time, but I think problem is not related to ROS/MT unless you did not set (correct) certfigicate for www-ssl:
/ip/service set www-ssl certificate=<certificate> disabled=no
. Does this certificate work in browser without warning when it's CA is added into browser/system trust store / keychain? You can try it by calling API respource or Webfig from browser.
Regarding php code I can only think of that something is wrong with loading certificate if CA is valid and in correct format. See more: https://stackoverflow.com/questions/211 ... ficate-cha

Who is online

Users browsing this forum: No registered users and 19 guests