PHP and Postman Curl option-less error and certificate handling

Question

I need to run this string in postman

curl -i -X POST -H “SOAPAction: urn:nhs-itk:services:201005:getNHSNumber-v1-0” -H “content-type: text/xml” –E pem_filename.pem -d @getNHSNumber.xml -k https://someip/smsp/pds

When I import in Postman usin raw data I get this error Error while importing Curl: 4 option-less arguments found. Only one is supported (the URL)

Am connected via VPN and have 3 certificates and 1 key endpoint certificate, endpoint issuing subCA certificate, Root CA certificate and endpoint private key in following format

Your endpoint private key:

-----BEGIN RSA PRIVATE KEY-----

my key content

-----END RSA PRIVATE KEY-----

Your endpoint certificate

-----BEGIN CERTIFICATE----- my cert content -----END CERTIFICATE-----

Endpoint issuing subCA certificate

-----BEGIN CERTIFICATE----- my cert content -----END CERTIFICATE-----

Root CA certificate

-----BEGIN CERTIFICATE----- my cert content -----END CERTIFICATE-----

For now I created one pem file out of all these keys by copying them all in single file and tried using in php and postman. I shared Postmam error above. PHP code error was Curl Error: could not load PEM client certificate, OpenSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)No HTTP code was returned

php code

<?php
$url = "https://myip/smsp/pds";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);

$pemFile = tmpfile();
fwrite($pemFile, "abc.pem");//the path for the pem file
$tempPemPath = stream_get_meta_data($pemFile);
$tempPemPath = $tempPemPath['uri'];
curl_setopt($ch, CURLOPT_SSLCERT, $tempPemPath); 

//curl_setopt($ch, CURLOPT_SSLCERT, "test.pem" );
curl_setopt($ch,CURLOPT_SSLCERTTYPE,"PEM");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_POST, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$post = array(
    "file" => "@" .realpath("getNHSNumber.xml")
);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
//curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data);
curl_setopt($ch, CURLOPT_VERBOSE, true);

$result = curl_exec($ch);

if(!$result)
{
    echo "Curl Error: " . curl_error($ch);
}
else
{
    echo "Success: ". $result;
}

$info = curl_getinfo($ch);
curl_close($ch); // close cURL handler
?>

My questions are How can I run this in php ? in postman ? and am I creating correct pem file ?

Answer 1

You are creating a temporary file (which will be empty, of course - it was just created) and then try to use it as a certificate. You say that you have already created your PEM file (by concatenating the Root CA, intermediate CA and your endpoint certificate) - so simply point CURL to this file:

curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_PORT , 443);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_SSLVERSION, 1);
curl_setopt($curl, CURLOPT_SSLCERT, "/var/www/project/concatenated.pem");
curl_setopt($curl, CURLOPT_SSLKEY, "/var/www/project/my_key.pem");
curl_setopt($curl, CURLOPT_CAINFO, "/etc/ssl/certs/ca-bundle.pem");
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 2);

If your key is password-protected you should add

curl_setopt($curl, CURLOPT_KEYPASSWD, "password");