[英]How to create certificate to connect with SOAP Client with PHP
Provider has SOAP server in.Net environment and I have to connect to it with PHP.提供商在.Net 环境中有 SOAP 服务器,我必须使用 PHP 连接到它。
Given initial paths给定初始路径
$serviceUri = 'https://provider.com/service.svc';
$singleWsdl = 'https://provider.com/service.svc?singlewsdl';
these URLs can only be accessed through browser after selecting my personal certificate (signature) for login.这些 URL 只能在选择我的个人证书(签名)进行登录后通过浏览器访问。
I have my personal certificate in the form me.pfx
and I used the following commands to generate private and public key separately.我的个人证书格式me.pfx
,我使用以下命令分别生成私钥和公钥。
$ openssl pkcs12 -in me.pfx -nocerts -nodes -out me.key
$ openssl rsa -in me.key -out me_private.key
$ openssl rsa -in me.key -pubout -out me_public.key
$ openssl pkcs8 -topk8 -inform PEM -in me_private.key -outform PEM -nocrypt
Then I copied the last output, create a new text file me_private_pkcs8.key
, and pasted said output in.然后我复制了最后一个 output ,新建一个文本文件me_private_pkcs8.key
,并将 output 粘贴进去。
Provider gave my user profile full privileges so I should be able to access the WSDL.提供商给了我的用户配置文件完全权限,所以我应该能够访问 WSDL。
Either I used the wrong way to create key pair (from above):要么我使用了错误的方式来创建密钥对(从上面):
$localCert = "me_public.key";
$localKey = "me_private_pkcs8.key";
, or I am calling SoapClient the wrong way. ,或者我以错误的方式调用 SoapClient。 I have tried several ways:我尝试了几种方法:
$soapClient = new \SoapClient($singleWsdl);
$soapClient = new \SoapClient($singleWsdl, [
'local_cert' => $localCert,
'passphrase' => '',
]);
$context = stream_context_create([
"ssl" => [
"local_cert" => $localCert,
"local_pk" => $localKey,
]
]);
$soapClient = new \SoapClient($singleWsdl, ["context" => $context]);
$opts = [
'ssl' => [
'ciphers' => 'RC4-SHA',
'verify_peer' => false,
'verify_peer_name' => false,
]
];
// SOAP 1.2 client
$params = [
'encoding' => 'UTF-8',
'verifypeer' => false,
'verifyhost' => false,
'soap_version' => SOAP_1_1,
'trace' => 1,
'exceptions' => 1,
"connection_timeout" => 180,
'stream_context' => stream_context_create($opts),
'local_cert' => $localCert,
'passphrase' => '',
];
$soapClient = new \SoapClient($singleWsdl, $params);
$soapClient = new \SoapClient($singleWsdl, [
'soap_version' => 'SOAP_1_2',
'location' => $serviceUri,
'local_cert' => $localCert,
]);
$contextOptions = [
'ssl' => [
'local_cert' => $localCert,
'local_pk' => $localKey,
'SNI_enabled' => true,
'peer_name' => $serviceUri,
]
];
$options = [
"soap_version" => SOAP_1_2,
"features" => SOAP_SINGLE_ELEMENT_ARRAYS,
"stream_context" => stream_context_create($contextOptions),
];
$soapClient = new \SoapClient($singleWsdl, $options);
and they all result in a Fatal Error:它们都会导致致命错误:
SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://provider.com/service.svc?singlewsdl' : failed to load external entity "https://provider.com/service.svc?singlewsdl" in C:\laragon\www\test-soap\private\test.php:27 Stack trace: #0 C:\laragon\www\test-soap\private\test.php(27): SoapClient->__construct('https://provide...') #1 {main}
Finally figured it out after 3 active days of searching.经过 3 天的积极搜索,终于弄明白了。 At least it worked for me.至少它对我有用。
$ cd path/to/certificate/
$ openssl pkcs12 -in personal_certificate.pfx -out public_key.pem -clcerts
First you have to enter YOUR_CERT_PASSWORD
once, then DIFFERENT_PASSWORD!
首先,您必须输入一次YOUR_CERT_PASSWORD
,然后输入DIFFERENT_PASSWORD!
twice.两次。 The latter will possibly be available to everyone with access to code.后者可能对所有有权访问代码的人都可用。
<?php
$wsdlUrl = "https://example.com/service.svc?singlewsdl";
$publicKey = "rel/path/to/certificate/public_key.pem";
$password = "DIFFERENT_PASSWORD!";
$params = [
'local_cert' => $publicKey,
'passphrase' => $password,
'trace' => 1,
'exceptions' => 0
];
$soapClient = new \SoapClient($wsdlUrl, $params);
var_dump($soapClient->__getFunctions());
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.