?
Solved

using PEM certificate file

Posted on 2013-01-10
4
Medium Priority
?
823 Views
Last Modified: 2013-02-11
After evolving on our PHP interface with a SOAP web service, from PHP SOAP Client, to XML built with PHP code, we have reached a new blocking. We are reaching the werserver that has the web service to consume but we can not get authenticated.
We received from the web service owner 2 files. A pfx extension file and a cer extension file. So far we realized that we would be better off if we used the pfx file converted into a pem extension file. We have converted the pfx into a pem file using the following command
     openssl pkcs12 -in cert_file.pfx -out cert_file.pem
The pem file was created in the target directory we gave the command.

The question we need to post is "What we should do know to use the new certificate file on our PHP script?"

Attached you will fond a copy of the file we are using.

And "What should we do to install the certificate on the machine that invokes the web service?"
Beste regards
LCoelho
Curl.php
0
Comment
Question by:luciliacoelho
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1332 total points
ID: 38763552
Ok,
  As far as I know (but could be wrong!) SSL_CERTTYPE doesn't support PFX so that isn't needed (particularly now that you are using PEM. PEM is the default, so you don't need to set that at all)

CURLOPT_SSLKEY should be set to be the PEM file exported by openssl

CURLOPT_SSKCERT should *also* be set to the same file (if you look inside you should see PEM headers for both the secret key and the public cert, and CURL will know which to use)

if you set a password for the secret key, you should set that in CURLOPT_SSLKEYPASSWORD (but I guess that you didn't)

note that sometimes openssl will export not only the end cert but also the intermediate and root certs if they are in the pfx - that can cause issues, as if they *are* included, they must be in order from the end cert upwards (and openssl tends to export them from root down)

you can also use http://sourceforge.net/projects/xca as a gui tool equivalent to the openssl command line - that can be a convenient resource when investigating issues :)
0
 

Author Comment

by:luciliacoelho
ID: 38766273
Thaís for your help.
I am going to check this.
Kind regards
LCoelho
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 668 total points
ID: 38792538
IIRC you need 2 files for PHP's curl: the private key file and the certificate file
so you first must identify what the files contain you have
don't relly on the extension, it does *not* tell what the content of the file is (just a cert, or just a key, or both), you *need* to know it
then you can use openssl to convert the files you have in those you curl requires
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1332 total points
ID: 38792559
@ahoffmann: php curl usually is happy with one file, provided it has both the cert and secret key in it.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question