Solved

using PEM certificate file

Posted on 2013-01-10
4
793 Views
Last Modified: 2013-02-11
After evolving on our PHP interface with a SOAP web service, from PHP SOAP Client, to XML built with PHP code, we have reached a new blocking. We are reaching the werserver that has the web service to consume but we can not get authenticated.
We received from the web service owner 2 files. A pfx extension file and a cer extension file. So far we realized that we would be better off if we used the pfx file converted into a pem extension file. We have converted the pfx into a pem file using the following command
     openssl pkcs12 -in cert_file.pfx -out cert_file.pem
The pem file was created in the target directory we gave the command.

The question we need to post is "What we should do know to use the new certificate file on our PHP script?"

Attached you will fond a copy of the file we are using.

And "What should we do to install the certificate on the machine that invokes the web service?"
Beste regards
LCoelho
Curl.php
0
Comment
Question by:luciliacoelho
  • 2
4 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 38763552
Ok,
  As far as I know (but could be wrong!) SSL_CERTTYPE doesn't support PFX so that isn't needed (particularly now that you are using PEM. PEM is the default, so you don't need to set that at all)

CURLOPT_SSLKEY should be set to be the PEM file exported by openssl

CURLOPT_SSKCERT should *also* be set to the same file (if you look inside you should see PEM headers for both the secret key and the public cert, and CURL will know which to use)

if you set a password for the secret key, you should set that in CURLOPT_SSLKEYPASSWORD (but I guess that you didn't)

note that sometimes openssl will export not only the end cert but also the intermediate and root certs if they are in the pfx - that can cause issues, as if they *are* included, they must be in order from the end cert upwards (and openssl tends to export them from root down)

you can also use http://sourceforge.net/projects/xca as a gui tool equivalent to the openssl command line - that can be a convenient resource when investigating issues :)
0
 

Author Comment

by:luciliacoelho
ID: 38766273
Thaís for your help.
I am going to check this.
Kind regards
LCoelho
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 167 total points
ID: 38792538
IIRC you need 2 files for PHP's curl: the private key file and the certificate file
so you first must identify what the files contain you have
don't relly on the extension, it does *not* tell what the content of the file is (just a cert, or just a key, or both), you *need* to know it
then you can use openssl to convert the files you have in those you curl requires
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 38792559
@ahoffmann: php curl usually is happy with one file, provided it has both the cert and secret key in it.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now