Mario Bernheim (asker) asked:
Need to connect with local certificate to SOAP Webservice with PHP7

We need to consume a SOAP webservice with an SSL certificate. We have the certificate, and it is in PEM format, but all attempts to connect to the endpoint fail with the error below. We've looked everywhere online and can't find the solution to this, and the documentation on PHP and OpenSSL is... complex...

Error: SoapFault exception: [HTTP] Could not connect to host in

If we comment out the $localCert we can connect to it. The PHP version running is:

[root@smpp StartNotification]# php -v
PHP 7.0.3 (cli) (built: Feb  4 2016 20:50:17) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
[root@smpp StartNotification]#

    <?php
    $localCert = "file.pem";   // client certificate and private key, PEM format
    $opciones = array(
        "local_cert" => $localCert,
        "trace" => 1,
        "exceptions" => 1,
        "features" => SOAP_SINGLE_ELEMENT_ARRAYS,
        "stream_context" => stream_context_create(array(
            "ssl" => array(
                'ciphers' => 'DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA',
                'verify_peer' => false,
                'verify_peer_name' => false,
                "cafile" => $localCert,   // PHP's SSL context key is 'cafile'; 'ca_file' is silently ignored
                'allow_self_signed' => false //can fiddle with this one.
            )
        ))
    );
    // $wsdl: the service's WSDL URL (not shown in the post)
    $client = new SoapClient($wsdl, $opciones);

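The usual causes of a client-certificate handshake failing while the same request works without local_cert are a PEM that lacks the private key (or needs a passphrase), a key that does not match the certificate, or an expired certificate. The following is an added example, not the asker's code or the vendor's: it checks the PEM with PHP's OpenSSL functions before building a SoapClient that presents it and, unlike the configuration in the question, keeps server verification enabled. The WSDL URL, the PEM path and the CA bundle path are placeholders supplied by the caller.

```php
<?php
// Added example, not the asker's or vendor's code. $wsdl, $clientPem and
// $caBundle are caller-supplied placeholders; nothing here is hard-coded.

function checkClientPem(string $pemPath, string $passphrase = ''): array
{
    $pem = @file_get_contents($pemPath);
    if ($pem === false) {
        return ['ok' => false, 'error' => "cannot read $pemPath"];
    }
    // local_cert must contain the certificate AND its private key in one PEM file.
    $cert = openssl_x509_read($pem);
    if ($cert === false) {
        return ['ok' => false, 'error' => 'no certificate block in PEM'];
    }
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        return ['ok' => false, 'error' => 'no usable private key (missing, or wrong passphrase)'];
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        return ['ok' => false, 'error' => 'private key does not match certificate'];
    }
    $info = openssl_x509_parse($cert);
    $expires = date(DATE_ATOM, $info['validTo_time_t']);
    if ($info['validTo_time_t'] < time()) {
        return ['ok' => false, 'error' => "certificate expired on $expires"];
    }
    return ['ok' => true, 'subject' => $info['name'], 'expires' => $expires];
}

function buildSoapClient(string $wsdl, string $clientPem, string $caBundle, string $passphrase = ''): SoapClient
{
    $check = checkClientPem($clientPem, $passphrase);
    if (!$check['ok']) {
        throw new RuntimeException('client certificate problem: ' . $check['error']);
    }
    $context = stream_context_create(['ssl' => [
        'verify_peer'      => true,       // verify the server instead of disabling checks
        'verify_peer_name' => true,
        'cafile'           => $caBundle,  // CA chain that issued the SERVER cert; key is 'cafile'
        'local_cert'       => $clientPem, // client cert + key presented during the handshake
        'passphrase'       => $passphrase,
    ]]);
    return new SoapClient($wsdl, [
        'trace'          => 1,
        'exceptions'     => true,
        'features'       => SOAP_SINGLE_ELEMENT_ARRAYS,
        'stream_context' => $context,
    ]);
}
```

Running checkClientPem() on the vendor-supplied file first tells you whether the PEM itself is usable before any network round trip; a cipher list restricted to a few fixed suites, as in the question, is not needed for the client certificate to be sent.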
David Favor:

Post public URL of your endpoint for testing.

Keep in mind, you must use a public (resolvable host/domain) for SSL to work.

Well, to work correctly/easily.
Mario Bernheim (asker):

Hi David, the endpoint is public and we can connect to it without the use of an SSL certificate, even if we use https:// when consuming... the endpoint is this:

https://huba.americamovil.com:2443/asg/services/SmsNotificationManagerService

David Favor:

Here's what I see.

imac> curl -I -L http://huba.americamovil.com:2443/asg/services/SmsNotificationManagerService
curl: (52) Empty reply from server

imac> curl -I -L https://huba.americamovil.com:2443/asg/services/SmsNotificationManagerService
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

So you're using the https:// protocol + there's no TLS connection at your endpoint.

Tip: You're going to have a devil of a time working with HTTPS + random ports (non-443). This will add hours of debugging to every minor issue.

Better to use port 443.

Tip: Whatever you do, you must have a listener at the other end.

In your case, your listener provides no HTTPS support, so you can't use an https:// URL.

And your HTTP connection might be working, as the Empty reply from server might simply mean no args were passed correctly.

Likely best to change your listener (if it's really running) to return better diagnostics for debugging, like a 400 or 403 or something like that.
Mario Bernheim (asker):

It's important to mention that the endpoint has an ACL enabled for only some IPs... 34 providers are already consuming the service without issues... only us left.
David Favor:

Currently there's no HTTPS port 2443 listener at this endpoint.

I only trust tools which provide hard data.

Now you may be able to access your service via HTTP (see above) + HTTPS will never work or the HTTPS listener is currently broken.
Mario Bernheim (asker):

This is what I got on my end from a server whose IP is in the allow list of that server:

[root@smpp ~]# curl -I -L https://huba.americamovil.com:2443/asg/services/SmsNotificationManagerService
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html


In the above code in the main question, if I comment out local_cert I can connect to it and consume the service over HTTPS 443 without any issues; it's when we use the certificate they sent that it fails.