Question

Recently I decided to add a banklink payment option to my PHP store, and after reading the implementation specifications everything seems okay except for one point: all public key (certificate) exchanges are in X509 format. Now what does that last one mean, and how is it different from a regular password-protected .pem file? Also, with a regular password-protected .pem file I cannot use a PHP function like openssl_verify() signed by the openssl_sign() function.

Could I get some advice here please, since the bank that is offering this payment method has very little information on this and I'm a total newb at this.

So the routine I need to do here is generate request.pem for them and send it to them. After that they will sign it or whatever, I dunno, and I should be able to use it in my application.

Please tell me if my information is not enough because, as I said, I don't know much when it comes to certificates or OpenSSL.


Solution

PEM file contains encrypted and base64-encoded 'raw' certificate/private key value, so functions that work with PEM should also work with raw certificates. OpenSSL should be able to convert from one format to another.
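The routine described in the question (key, request.pem, signed certificate, then openssl_sign() and openssl_verify()), as an added example that is not part of the original answers. The subject name, passphrase and message are constructed, the certificate is self-signed as a stand-in for the bank's signing step, and the script assumes PHP's openssl extension can find an openssl.cnf.

```php
<?php
// Added example; subject, passphrase and message below are constructed values.
$passphrase = 'example-passphrase';
$subject    = ['commonName' => 'shop.example'];
$digest     = ['digest_alg' => 'sha256'];

// 1. Key pair. The private key is exported as a passphrase-protected PEM.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    exit('Key generation failed: ' . openssl_error_string() . PHP_EOL);
}
openssl_pkey_export($key, $keyPem, $passphrase);

// 2. Certificate signing request: the request.pem that goes to the bank.
//    It carries the subject and the public key only, never the private key.
$csr = openssl_csr_new($subject, $key, $digest);
openssl_csr_export($csr, $csrPem);

// 3. Stand-in for the bank's step: self-sign the request for 365 days.
//    The result is an X.509 certificate: public key + subject + issuer signature.
$cert = openssl_csr_sign($csr, null, $key, 365, $digest);
openssl_x509_export($cert, $certPem);

// The first PEM line tells the three objects apart.
foreach (['private key' => $keyPem, 'request' => $csrPem, 'certificate' => $certPem] as $name => $pem) {
    printf("%-12s %s\n", $name, strtok($pem, "\n"));
}

// 4. Signing needs the private key, so the passphrase is required to load it.
var_dump(openssl_pkey_get_private($keyPem, 'wrong-passphrase')); // a wrong passphrase cannot decrypt the key
$privateKey = openssl_pkey_get_private($keyPem, $passphrase);
$message    = 'order=1001&amount=12.50';
openssl_sign($message, $signature, $privateKey, OPENSSL_ALGO_SHA256);

// 5. Verifying needs only the certificate; no passphrase is involved.
$publicKey = openssl_pkey_get_public($certPem);
$valid     = openssl_verify($message, $signature, $publicKey, OPENSSL_ALGO_SHA256);
$tampered  = openssl_verify($message . '0', $signature, $publicKey, OPENSSL_ALGO_SHA256);
printf("original: %d, tampered: %d\n", $valid, $tampered);
```

In the real exchange the verifying side holds only the other party's certificate, so step 5 is what the shop runs against the bank's certificate for incoming messages.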

OTHER TIPS

You have to use curl concept.

curl_setopt($ch, CURLOPT_SSLCERT,'CA.pem');

Honestly, the OpenSSL capabilities in PHP are abysmal. Your best bet is to go for an awesome package like phpseclib.

A long time ago I was doing something similar. The difference is they just gave me the pem file, and I used it to connect to their server.

Below I wrote my guess for you. :)

  1. Generate myreq.pem using openssl tool.
  2. Send myreq.pem to them and get signed certificate ca.pem.
  3. Use ca.pem in PHP like below.

$context = stream_context_create();
// verify the server certificate against cafile; false would skip that check
stream_context_set_option($context, 'ssl', 'verify_peer', true);
stream_context_set_option($context, 'ssl', 'cafile', "ca.pem");
stream_context_set_option($context, 'ssl', 'local_cert', "ca.pem");
stream_context_set_option($context, 'ssl', 'passphrase', 'your pem file password');
// instead of tls this can be ssl, sslv3 or sslv2 depending on requirements; 10 is the timeout
$sock = stream_socket_client("tls://host:port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $context);
if ($sock === false) {
    die("Connection failed: $errstr ($errno)");
}
fwrite($sock, "Hi server\r\n");
$strResponse = '';
while (!feof($sock)) { $strResponse .= fgets($sock, 1024); }
fclose($sock);
echo $strResponse;

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow