Solved

using PEM certificate file

Posted on 2013-01-10
4
815 Views
Last Modified: 2013-02-11
After evolving on our PHP interface with a SOAP web service, from PHP SOAP Client, to XML built with PHP code, we have reached a new blocking. We are reaching the werserver that has the web service to consume but we can not get authenticated.
We received from the web service owner 2 files. A pfx extension file and a cer extension file. So far we realized that we would be better off if we used the pfx file converted into a pem extension file. We have converted the pfx into a pem file using the following command
     openssl pkcs12 -in cert_file.pfx -out cert_file.pem
The pem file was created in the target directory we gave the command.

The question we need to post is "What we should do know to use the new certificate file on our PHP script?"

Attached you will fond a copy of the file we are using.

And "What should we do to install the certificate on the machine that invokes the web service?"
Beste regards
LCoelho
Curl.php
0
Comment
Question by:luciliacoelho
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 38763552
Ok,
  As far as I know (but could be wrong!) SSL_CERTTYPE doesn't support PFX so that isn't needed (particularly now that you are using PEM. PEM is the default, so you don't need to set that at all)

CURLOPT_SSLKEY should be set to be the PEM file exported by openssl

CURLOPT_SSKCERT should *also* be set to the same file (if you look inside you should see PEM headers for both the secret key and the public cert, and CURL will know which to use)

if you set a password for the secret key, you should set that in CURLOPT_SSLKEYPASSWORD (but I guess that you didn't)

note that sometimes openssl will export not only the end cert but also the intermediate and root certs if they are in the pfx - that can cause issues, as if they *are* included, they must be in order from the end cert upwards (and openssl tends to export them from root down)

you can also use http://sourceforge.net/projects/xca as a gui tool equivalent to the openssl command line - that can be a convenient resource when investigating issues :)
0
 

Author Comment

by:luciliacoelho
ID: 38766273
Thaís for your help.
I am going to check this.
Kind regards
LCoelho
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 167 total points
ID: 38792538
IIRC you need 2 files for PHP's curl: the private key file and the certificate file
so you first must identify what the files contain you have
don't relly on the extension, it does *not* tell what the content of the file is (just a cert, or just a key, or both), you *need* to know it
then you can use openssl to convert the files you have in those you curl requires
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 38792559
@ahoffmann: php curl usually is happy with one file, provided it has both the cert and secret key in it.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question