skip to Main Content

I want to retrieve categories from ebay. This is my code:

function getCategories(){


    $endpoint = "https://api.ebay.com/ws/api.dll";
    //$endpoint = 'http://svcs.ebay.com/services/search/FindingService/v1';

    $api_dev_name = "XXX";
    $api_app_name = "XXX";
    $api_cert_name = "XXX";
    $auth_token = "XXX";

    $headers = array(
        'X-EBAY-API-COMPATIBILITY-LEVEL: 819',
        'X-EBAY-API-DEV-NAME: '.$api_dev_name,
        'X-EBAY-API-APP-NAME: '.$api_app_name,
        'X-EBAY-API-CERT-NAME: '.$api_cert_name,
        'X-EBAY-API-CALL-NAME: GetCategories',
        'X-EBAY-API-OPERATION-NAME: GetCategories',
        'X-EBAY-API-SITEID: EBAY-US',
        'Content-Type:text/xml'
    );

    $xmlRequest = "<?xml version="1.0" encoding="utf-8"?>";
    $xmlRequest .= "<GetCategoriesRequest xmlns="urn:ebay:apis:eBLBaseComponents">";
    $xmlRequest .= "<RequesterCredentials>";
    $xmlRequest .= "<eBayAuthToken>{$auth_token}</eBayAuthToken>";
    $xmlRequest .= "</RequesterCredentials>";
    $xmlRequest .= "<CategorySiteID>0</CategorySiteID>";
    $xmlRequest .= "<DetailLevel>ReturnAll</DetailLevel>";
    $xmlRequest .= "</GetCategoriesRequest>";
    $xmlRequestEncode = utf8_encode($xmlRequest);

    $curl = curl_init();

    curl_setopt_array($curl,
        array(
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_URL => $endpoint,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $xmlRequestEncode,
            CURLOPT_HTTPHEADER => $headers
        )
    );

    $response = curl_exec($curl);

    if (!$response) {
        die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
    } else {
        echo $response;
    }

    curl_close($curl);
}

getCategories();

$api_dev_name, $api_app_name, $api_cert_name, and $auth_token are valid, active, and set in production environment.

I get this error from curl:

Error: “SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed” – Code: 60

Why do I get this error?

2

Answers


  1. According to OpenSSL’s s_client:

    $ openssl s_client -connect svcs.ebay.com:443
    CONNECTED(00000003)
    depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=San Jose/O=eBay, Inc./OU=eBay Site Operations/CN=svcs.ebay.com
       i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
     1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
       i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
     2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
       i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
    ---
    ...
    

    So you need to trust the Class 3 Public Primary Certification Authority - G2. You can download form Verisign Root Certificates. Grab the one labelled Root 1 with fingerprint 85 37 1c a6 e5 50 14 3d ce 28 03 47 1b de 3a 09 e8 f8 77 0f.

    Once you download the ZIP file, you can find it in the folder Generation 2 (G2) PCAs. Its named Class 3 Public Primary Certification Authority – G2.pem.

    Finally, tell cURL to use the root certificate you downloaded. I can’t get to the cURL docs at curl.haxx.se at the moment, so I can’t tell you what to call to do it.

    DO NOT load the CA file with the hundreds of CAs. You know Verisign certifies eBay’s certificates, so only use the required Verisign CA. Don’t allow an attacker to get you to believe otherwise (for example, Truswave claiming they certify eBay).

    Login or Signup to reply.
  2. just add new two lines in curl_setopt_array,

    CURLOPT_SSL_VERIFYPEER => false, // new code
    CURLOPT_SSL_VERIFYHOST => false // new code
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search