using PEM certificate file

After evolving our PHP interface with a SOAP web service, from the PHP SOAP client to XML built with PHP code, we have reached a new blocking point. We are reaching the web server that has the web service to consume, but we cannot get authenticated.
We received 2 files from the web service owner: a pfx extension file and a cer extension file. So far we have realized that we would be better off if we used the pfx file converted into a pem extension file. We have converted the pfx into a pem file using the following command:
     openssl pkcs12 -in cert_file.pfx -out cert_file.pem
The pem file was created in the target directory we gave the command.

The question we need to post is "What should we do now to use the new certificate file in our PHP script?"

Attached you will find a copy of the file we are using.

And "What should we do to install the certificate on the machine that invokes the web service?"
Best regards
LCoelho
Curl.php
luciliacoelho asked:
ahoffmann commented:
IIRC you need 2 files for PHP's curl: the private key file and the certificate file
so you first must identify what the files you have contain
don't rely on the extension, it does *not* tell what the content of the file is (just a cert, or just a key, or both), you *need* to know it
then you can use openssl to convert the files you have into those curl requires
0
 
Dave Howe (Software and Hardware Engineer) commented:
Ok,
  As far as I know (but could be wrong!) SSL_CERTTYPE doesn't support PFX so that isn't needed (particularly now that you are using PEM. PEM is the default, so you don't need to set that at all)

CURLOPT_SSLKEY should be set to be the PEM file exported by openssl

CURLOPT_SSLCERT should *also* be set to the same file (if you look inside you should see PEM headers for both the secret key and the public cert, and CURL will know which to use)

if you set a password for the secret key, you should set that in CURLOPT_SSLKEYPASSWORD (but I guess that you didn't)

note that sometimes openssl will export not only the end cert but also the intermediate and root certs if they are in the pfx - that can cause issues, as if they *are* included, they must be in order from the end cert upwards (and openssl tends to export them from root down)

you can also use http://sourceforge.net/projects/xca as a gui tool equivalent to the openssl command line - that can be a convenient resource when investigating issues :)
0
 
luciliacoelho (Author) commented:
Thanks for your help.
I am going to check this.
Kind regards
LCoelho
0
 
Dave Howe (Software and Hardware Engineer) commented:
@ahoffmann: php curl usually is happy with one file, provided it has both the cert and secret key in it.
0
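Added example, not part of any post in this thread: PHP code for the checks the answers above describe. It identifies what the PEM file actually contains, confirms that the certificates run from the end cert upwards and that the private key matches the first one, then points both CURLOPT_SSLCERT and CURLOPT_SSLKEY at the same file. The function names and the PEM_PASSPHRASE environment variable are assumptions; CURLOPT_SSLKEYPASSWD is the PHP constant this example uses for the key password.

```php
<?php // Added example, not code from the thread. Function names and PEM_PASSPHRASE are hypothetical.
/** Split a PEM bundle into its private key block and its certificate blocks (file order). */
function inspectPem(string $pem): array
{
    preg_match('/-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----.*?-----END \1-----/s', $pem, $k);
    preg_match_all('/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/s', $pem, $c);
    return ['key' => $k[0] ?? null, 'certs' => $c[0]];
}

/** True when every certificate is issued by the one after it, i.e. end cert first. */
function chainIsLeafFirst(array $certs): bool
{
    for ($i = 0; $i + 1 < count($certs); $i++) {
        $child  = openssl_x509_parse($certs[$i]);
        $parent = openssl_x509_parse($certs[$i + 1]);
        if (!$child || !$parent || $child['issuer'] != $parent['subject']) { return false; }
    }
    return true;
}

/** Validate the bundle, then return a curl handle that presents it as the client certificate. */
function clientCertHandle(string $url, string $pemPath, string $passphrase = '')
{
    $parts = inspectPem((string) file_get_contents($pemPath));
    if ($parts['key'] === null || $parts['certs'] === []) {
        throw new RuntimeException('bundle must hold a private key and a certificate');
    }
    if (!chainIsLeafFirst($parts['certs'])) {
        throw new RuntimeException('certificates are not ordered from the end cert upwards');
    }
    if (!openssl_x509_check_private_key($parts['certs'][0], [$parts['key'], $passphrase])) {
        throw new RuntimeException('private key does not match the first certificate');
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_SSLCERT        => $pemPath,     // certificate(s) read from the bundle
        CURLOPT_SSLKEY         => $pemPath,     // private key read from the same file
        CURLOPT_SSLKEYPASSWD   => $passphrase,  // empty string when the key is not encrypted
        CURLOPT_SSL_VERIFYPEER => true,         // keep verifying the server's certificate
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return $ch;
}

if (PHP_SAPI === 'cli' && isset($argv[2])) {    // arguments: service URL, path to PEM file
    $ch = clientCertHandle($argv[1], $argv[2], getenv('PEM_PASSPHRASE') ?: '');
    $body = curl_exec($ch);
    echo $body === false ? 'curl error: ' . curl_error($ch) . PHP_EOL : $body;
}
```

Run it from the command line with the service URL and the path to the converted PEM file as arguments; the passphrase is read from the environment so it does not appear in the process list.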
Question has a verified solution.
