use*_*111 11 php api curl certificate
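I can't connect to TransUnion's test API from PHP using cURL. If anyone has already done this, please let me know. I already have the XML file ready to send to them; I just don't know what the problem is, because I received a .p12 file from them containing the certificate and key, but it still won't let me connect. I tried the following: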
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/certs/cert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'test_pass');
curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd().'/certs/key.pem');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'test_pass');
Then I tried connecting from the terminal on my Mac using:
curl -cert /Users/temp_user/cert.pem -key /Users/temp_user/key.pem https://netaccess-test.transunion.com
Can someone let me know what I'm doing wrong? Thanks.
小智 5
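I know this is an older post, but since I came across it while trying to resolve my connection issue with TransUnion, I thought I would post what I did to get it working in case anyone else still needs help.
I worked with the TransUnion support team, and between the information I had and the information they had, we finally arrived at a working solution.
The biggest issue I found was with the instructions on how to convert the certificate.
Use the following commands to convert the certificate to get the pieces needed to connect. Yes, you need 3; most answers say you only need 2, but you need all 3:
Convert the certificate into three different files: the client certificate, the private key, and the certificate authority certificate.
openssl pkcs12 -in client_systemID.p12 -out ca.pem -cacerts -nokeys # output the CA certificate from the .p12 file into ca.pem
openssl pkcs12 -in client_systemID.p12 -out client.pem -clcerts -nokeys # output the client certificate from the .p12 file into client.pem
openssl pkcs12 -in client_systemID.p12 -out key.pem -nocerts -nodes # output the private key from the .p12 into key.pem
Then you can start setting up your code: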
$keyFile = "key.pem";
$caFile = "ca.pem";
$certFile = "client.pem";
$certPass = $_ENV['TUNASSLPass']; //I am storing the passphrase in an Env variable
$URL = "https://netaccess-test.transunion.com";
$data = "<tuna-request-data>"; //need to set this to append to the URL
$xml = "<?xml version='1.0' encoding='UTF-8'?><creditBureau xmlns='http://www.transunion.com/namespace' xsi:schemaLocation='http://www.transunion.com/namespace creditBureau.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>{The rest of your XML}</creditBureau>";
// The -d option is equivalent to CURLOPT_POSTFIELDS. But...
// PHP's libcurl interface does not implement the -G flag - instead you would
// append $data to $url like this:
$actualUrl = $URL.'?'.$data;
// Initialise cURL (only after $actualUrl has been built)
$ch = curl_init($actualUrl);
curl_setopt($ch, CURLOPT_URL, $actualUrl);
// The -v flag only makes sense at the command line, but it can be enabled
// with CURLOPT_VERBOSE - in this case the information will be written to
// STDERR, or the file specified by CURLOPT_STDERR. I will ignore this for
// now, but if you would like a demonstration let me know.
// The --key option - If your key file has a password, you will need to set
// this with CURLOPT_SSLKEYPASSWD
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);
// The --cacert option
curl_setopt($ch, CURLOPT_CAINFO, $caFile);
// The --cert option
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, "xml=" . $xml);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
try
{
    $result = curl_exec($ch);
}
catch (Exception $e)
{
    echo 'There was an issue querying TransUnion. Here is the returned exception info: ', $e->getMessage(), "\n";
}
if (curl_errno($ch) > 0)
{
    $result = array('errocurl' => curl_errno($ch), 'msgcurl' => curl_error($ch));
    echo "There was an error calling Trans Union. Here is the error info: <br>" . curl_error($ch);
}
curl_close($ch);
Make sure the certificates are extracted from the p12 file correctly, like this:
To extract the CA certificate:
openssl pkcs12 -in NAME_OF_P12_FILE.p12 -cacerts -nokeys -out NAME_OF_PEM_FILE_TO_CREATE.pem
To extract the personal certificate:
openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nokeys -out NAME_OF_PEM_FILE_TO_CREATE.pem
To extract the private key:
With a passphrase: openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nocerts -out NAME_OF_PEM_FILE_TO_CREATE.pem
Without a passphrase: openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nocerts -nodes -out NAME_OF_PEM_FILE_TO_CREATE.pem
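
Added example (not part of either answer and not TransUnion's tooling): a shell check that the three PEM files produced by the extraction commands above belong together before they are passed to CURLOPT_SSLCERT, CURLOPT_SSLKEY and CURLOPT_CAINFO. The function names, the P12_PASS and KEY_PASSIN variables, and the throwaway CA, client certificate and .p12 are assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: split a .p12 with the answer's three commands, then check
# that the resulting PEM files belong together before giving them to cURL.

# extract_p12 P12 OUTDIR  (import password is read from $P12_PASS)
extract_p12() {
  local p12="$1" out="$2"
  openssl pkcs12 -in "$p12" -out "$out/ca.pem" -cacerts -nokeys -passin env:P12_PASS &&
  openssl pkcs12 -in "$p12" -out "$out/client.pem" -clcerts -nokeys -passin env:P12_PASS &&
  ( umask 077   # -nodes writes the key unencrypted: create it owner-only
    openssl pkcs12 -in "$p12" -out "$out/key.pem" -nocerts -nodes -passin env:P12_PASS )
}

# check_pem_set CLIENT_PEM KEY_PEM CA_PEM -> 0 if the set is consistent.
# KEY_PASSIN (e.g. "env:TUNASSLPass") is only needed for an encrypted key.
check_pem_set() {
  local cert="$1" key="$2" ca="$3" cert_pub key_pub
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout -passin "${KEY_PASSIN:-pass:}" 2>/dev/null) || return 1
  # 1. The private key must be the one the client certificate was issued for.
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }
  # 2. ca.pem must contain the issuer of the client certificate (an empty
  #    ca.pem means the .p12 carried no CA certificates).
  openssl verify -partial_chain -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "certificate does not chain to ca.pem" >&2; return 1; }
  # 3. Keep the private key readable by its owner only.
  chmod 600 "$key"
}

# Constructed test material: throwaway CA, client cert and .p12 (password "sample").
make_sample_p12() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-client" \
    -keyout "$d/cl.key" -out "$d/cl.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/cl.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/cl.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/cl.key" -in "$d/cl.crt" -certfile "$d/ca.crt" \
    -passout pass:sample -out "$d/client_systemID.p12"
}

# Demo on the constructed .p12.
demo_dir=$(mktemp -d)
export P12_PASS=sample
make_sample_p12 "$demo_dir" && extract_p12 "$demo_dir/client_systemID.p12" "$demo_dir" &&
  check_pem_set "$demo_dir/client.pem" "$demo_dir/key.pem" "$demo_dir/ca.pem" &&
  echo "PEM set is consistent"
rm -rf "$demo_dir"
```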