soap - Trouble connecting to SSL-encrypted web service with PHP -
i got 2 certificate files provider, 1 in .cer-format , 1 in .p7b-format. converted p7b-certificate p12-certificate. certificate i'm able connect wsdl browser. proceeded convert certificate .pem-format, using instructions found on site.
openssl pkcs12 -clcerts -nokeys -out test.pem -in mycert.p12 openssl pkcs12 -nocerts -out key.pem -in mycert.p12
then combing cert key using following command:
cat test.pem key.pem > cert.pem
heres construct web service class:
public function __construct() { $wsdl_url = 'https://url.to/web_service?wsdl'; $pass = 'passphrase'; $cert = 'cert.pem'; try { $this->client = new soapclient($wsdl_url, array('local_cert' => $cert, 'passphrase' => $pass)); } catch(soapfault $e) { print_r($e); } }
and here error:
ssl operation failed code 1. openssl error messages: error:14094418:ssl routines:ssl3_read_bytes:tlsv1 alert unknown ca in /var/www/html/..
trying verify certificate using:
openssl verify cert.pem
gives me following error:
error 20 @ 0 depth lookup:unable local issuer certificate
i've tried creating .pem-certificate using following openssl command:
openssl pkcs12 -in mycert.p12 -out mycert.pem
verifying gives me ok, php gives me following error:
unable set local cert chain file `mycert.pem'; check cafile/capath settings include details of certificate , issuer
i'm assuming should possible make work somehow, able access wsdl through browser, using .p12-certificate. i'm not able locate solution how should proceed. in advance.
i think have few problems here. firstly, don't think options local certificate being used constructor soapclient object. options array not support ssl config options. secondly, given options you're supplying soapclient not being used open ssl complaining certificate on remote host being self certified certificate.
i think should possible around without playing code can't sure on of options. think need create custom stream context using stream_context_create() set ssl options need (have @ http://ca.php.net/stream_context_create , context options ssl). can passed soapclient object stream_context option in config array. using stream_context can set various ssl options need , these override defaults.
i'm sorry can't more precise on options need set. playing around stream context solve issue.
Comments
Post a Comment