Solved

using PEM certificate file

Posted on 2013-01-10
Last Modified: 2013-02-11
After evolving on our PHP interface with a SOAP web service, from PHP SOAP Client, to XML built with PHP code, we have reached a new blocking. We are reaching the webserver that has the web service to consume but we can not get authenticated.
We received from the web service owner 2 files. A pfx extension file and a cer extension file. So far we realized that we would be better off if we used the pfx file converted into a pem extension file. We have converted the pfx into a pem file using the following command
     openssl pkcs12 -in cert_file.pfx -out cert_file.pem
The pem file was created in the target directory we gave the command.

The question we need to post is "What we should do now to use the new certificate file on our PHP script?"

Attached you will find a copy of the file we are using.

And "What should we do to install the certificate on the machine that invokes the web service?"
Best regards
LCoelho
Curl.php
Question by:luciliacoelho
4 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1332 total points
ID: 38763552
Ok,
  As far as I know (but could be wrong!) SSL_CERTTYPE doesn't support PFX so that isn't needed (particularly now that you are using PEM. PEM is the default, so you don't need to set that at all)

CURLOPT_SSLKEY should be set to be the PEM file exported by openssl

CURLOPT_SSLCERT should *also* be set to the same file (if you look inside you should see PEM headers for both the secret key and the public cert, and CURL will know which to use)

if you set a password for the secret key, you should set that in CURLOPT_SSLKEYPASSWORD (but I guess that you didn't)

note that sometimes openssl will export not only the end cert but also the intermediate and root certs if they are in the pfx - that can cause issues, as if they *are* included, they must be in order from the end cert upwards (and openssl tends to export them from root down)

you can also use http://sourceforge.net/projects/xca as a gui tool equivalent to the openssl command line - that can be a convenient resource when investigating issues :)

Author Comment

by:luciliacoelho
ID: 38766273
Thanks for your help.
I am going to check this.
Kind regards
LCoelho
LVL 51

Accepted Solution

by:
ahoffmann earned 668 total points
ID: 38792538
IIRC you need 2 files for PHP's curl: the private key file and the certificate file
so you first must identify what the files you have contain
don't rely on the extension, it does *not* tell what the content of the file is (just a cert, or just a key, or both), you *need* to know it
then you can use openssl to convert the files you have into those curl requires
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1332 total points
ID: 38792559
@ahoffmann: php curl usually is happy with one file, provided it has both the cert and secret key in it.
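
Added example (not part of the thread): shell functions for the check the answers above point to, listing which PEM blocks the exported file contains and whether its certificates run leaf-first or root-first. It assumes the `subject=`/`issuer=` lines that `openssl pkcs12` writes before each certificate are still in the file; the sample file contents and the function names are constructed for illustration.

```shell
# Constructed sample: the layout `openssl pkcs12 -in x.pfx -out x.pem` writes,
# with placeholder bodies instead of real key/certificate data.
write_sample() {
cat > "$1" <<'EOF'
Bag Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
(placeholder)
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes: <No Attributes>
subject=/CN=Example Root CA
issuer=/CN=Example Root CA
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/CN=ws-client
issuer=/CN=Example Root CA
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
EOF
}

# List the PEM block types in file order, comma-separated.
pem_blocks() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | paste -sd, -
}

# Report certificate order from the subject=/issuer= lines:
#   leaf-first = each cert is issued by the one after it
#   root-first = each cert is issued by the one before it
pem_chain_order() {
  awk '
    /^subject=/ { s[++n] = substr($0, 9) }
    /^issuer=/  { i[n]   = substr($0, 8) }
    END {
      if (n < 2) { print "single"; exit }
      up = 1; down = 1
      for (k = 1; k < n; k++) {
        if (i[k] != s[k+1]) up = 0
        if (i[k+1] != s[k]) down = 0
      }
      print (up ? "leaf-first" : (down ? "root-first" : "unordered"))
    }' "$1"
}
```

On the sample, `pem_blocks` shows one encrypted key followed by two certificates, and `pem_chain_order` reports `root-first`, the ordering the first answer warns about.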