Curl problems (api and Smartzone)

  • 1
  • Question
  • Updated 3 weeks ago
Hi,

I'm creating an api program in combination with Ruckus access points and a Smartzone. When I login with the api's using postman everything works. Also with http request and php 5.3 it isn't a problem. But for php7 I need to use Curl and I receive certificate Errors. Can someone help me?



Programm language: php7

Error I get:
cURL Error #:SSL certificate problem: unable to get local issuer certificate

Example code:
$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_PORT => "7443",
  CURLOPT_URL => "https://$smartzone_ip:7443/api/public/v5_0/session";,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_SSL_VERIFYPEER => false,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\r\n  \"username\": \"$gebruikersnaam_ruckus\",\r\n  \"password\": \"$paswoord_ruckus\",\r\n  \"timeZoneUtcOffset\": \"+01:00\"\r\n}",
  CURLOPT_HTTPHEADER => array(
    "cache-control: no-cache",
    "content-type: application/json;charset=UTF-8",
    "cookie: JSESSIONID={JSESSIONID}",
    "postman-token: 2d8d37d3-7cd5-7cf5-f5c6-480a9805bfa9"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

If I add the following code to the curl_setopt_array (I know this isn't a good solution, but just for testing):
CURLOPT_SSL_VERIFYPEER => false,


I get the following error:
cURL Error #:SSL: certificate subject name 'scg.ruckuswireless.com' does not match target host name '78.XX.XXX.XXX'
Photo of Jonas Dekkers

Jonas Dekkers

  • 6 Posts
  • 0 Reply Likes

Posted 4 weeks ago

  • 1
Photo of Jonas Dekkers

Jonas Dekkers

  • 6 Posts
  • 0 Reply Likes
No one?
Photo of Jonas Dekkers

Jonas Dekkers

  • 6 Posts
  • 0 Reply Likes
I just use the ip-address so I don't know why he is referring to scg.ruckuswireless.be.
We have our own Virtual Smartzone
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 13 Posts
  • 1 Reply Like
did you provide a proper certificate to VSCG? given you're using ruckuswireless.be, im guessing you're using that as a private domain and not a public one. As such, I doubt you can get a proper domain cert. Also, you're using the IP to connect and the server is providing a certificate which does not have the IP, but only the hostname.

Regardles, the CURL option you want is CURLOPT_SSL_VERIFYHOST=0 instead of VERIFYPEER=0

Until you get a proper certificate, you'll need to use the VERIFYHOST=0 option. 

The proper certificate should have the CN (common name) issued to "scg.ruckuswireless.be" but also a SAN issued to the public IP 73.x.x.x 

good luck!
Photo of alexf

alexf

  • 31 Posts
  • 5 Reply Likes
Why don't you test first with curl command in a terminal? If it works, then you know it is not related to the SZ, and probably the issue is with the php code. 

You could try something like "curl -I https://nameSZ:8443"  If the output contains "HTTP/1.1 200 OK" then the issue is related to the php code. 

You should also look at the curl man page (try option -k).
Photo of Jonas Dekkers

Jonas Dekkers

  • 6 Posts
  • 0 Reply Likes
Thanks a lot Diego. It was not scg.ruckuswireless.be but .com. But indeed it will be a certificate problem. I didn't install a certificate on my VSCG. Is this the correct manual Diego? https://support.ruckuswireless.com/documents/1339-how-to-configure-certificates-for-smartzone

For the moment the verifyhost=0 is working. But we want a good solution so we will follow the manual.

@Alexf: I tested it with Curl terminal and received the same error. Thanks for the suggestion!
Photo of Diego Garcia del Rio

Diego Garcia del Rio

  • 13 Posts
  • 1 Reply Like
To install a proper certificate you need to own a correct domain for the controller, including DNS and install the cert on the system. It's very straightforward to install. You can use letsencrypt to generate the cert but you'll need to renew it manually as there is no native support for letsencrypt on vsz