Soap connection to DataPower service


Darghon

Hi all,

 

I've been struggling for months with a connection to a DataPower webservice using PHP.

In SoapUI I've managed to get a response (an error message, but a response nonetheless), but in PHP, Soap always returns a NULL value.

 

The service in question requires me to use a client certificate.

Creating a p12 keystore with my private key (used to request the certificate) and the complete certificate chain provided by the service host, I'm able to get a connection using SoapUI (by using SSL for each request with the aforementioned p12 file).

 

Now, I want to accomplish the same thing in PHP, so I did the following:

- I installed the root and CA2 certificate from the service provider on my php server

- I construct a soap_client using the received wsdl file (same one as I use in SoapUi) and add the below listed options to the constructor

$options = [
    'trace' => 1,
    'exceptions' => 1,
    'local_cert' => $this->_getCertificateLocation('P12_KEYFILE'),
    'passphrase' => $keyfile_passphrase
];

The _getCertificateLocation returns the absolute path of the cert file, which is correct and accessible.

 

Alternatively, I've also tried to convert the P12 file to a PEM file using the command below, but it results in the same effect.

openssl pkcs12 -in discimus_keystore.p12 -out discimus.pem -clcerts

Anything I need to add/reconsider? Or any advice on this matter?

 

Thanks for any help.

Darghon


  • 2 weeks later...

Well, since no one was able to help me, and I've eventually managed to fix this, I'll add my solution (and problems) in this post.

 

So, I needed to connect to a Soap Service using WSSE. Not with a user/pass auth in it, but with a client certificate, a binary security token and such wonderful things.

 

First, I needed to make a p12 certificate file, using my client certificate (with the cert chain) and my private key (used to request the client certificate).

Next, I needed to convert the p12 file to a BASE64 encoded pem file.

 

Finally, in the soap_client constructor, you need to add "local_cert" and "passphrase" in the options part with the full path of the pem file, and your used password (if any).

Next, and this one was my biggest issue, make sure your server can resolve the host address of the webservice. Ping it first, and if needed, add it to your host file *facepalm*

 

Finally, construct your SOAP envelope (I've used a public PHP WSSE library for mine), and execute the request.

 

Feel free to ask for more details if need be.
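
The checks described in the post above, written out as an added example (not the poster's code): it confirms that the PEM bundle given to local_cert contains a certificate and its matching private key, and that the PHP server can resolve the service host, before building the SoapClient. The function name preflightClientCert, the file paths, the environment variable and the WSDL URL are placeholders, and the cafile stream-context setting is an assumption about how the provider's CA chain is supplied.

```php
<?php
// Added example, not the poster's code. Paths, passphrase source and WSDL URL are placeholders.

/** Returns a list of problems; an empty list means bundle and host look usable. */
function preflightClientCert(string $pemPath, string $passphrase, string $host): array
{
    $pem = is_readable($pemPath) ? file_get_contents($pemPath) : false;
    if ($pem === false) {
        return ["cannot read $pemPath"];
    }
    $problems = [];
    // local_cert must hold the client certificate AND its private key in one PEM file.
    $cert = openssl_x509_read($pem);
    $key  = openssl_pkey_get_private($pem, $passphrase);
    if ($cert === false) {
        $problems[] = 'no certificate in bundle';
    }
    if ($key === false) {
        $problems[] = 'no private key in bundle, or wrong passphrase';
    }
    if ($cert !== false && $key !== false && !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not match certificate';
    }
    if ($cert !== false && openssl_x509_parse($cert)['validTo_time_t'] < time()) {
        $problems[] = 'client certificate has expired';
    }
    // The failure described in the post: the PHP server could not resolve the host.
    if (gethostbynamel($host) === false) {
        $problems[] = "cannot resolve $host from this server";
    }
    return $problems;
}

$wsdl = 'https://service.example.invalid/endpoint?wsdl';   // placeholder
$pem  = '/path/to/client-bundle.pem';                      // placeholder
$pass = getenv('CLIENT_KEY_PASSPHRASE') ?: '';             // keep it out of source
$problems = preflightClientCert($pem, $pass, parse_url($wsdl, PHP_URL_HOST));
if ($problems) {
    fwrite(STDERR, implode(PHP_EOL, $problems) . PHP_EOL);
    exit(1);
}
$client = new SoapClient($wsdl, [
    'trace' => 1, 'exceptions' => 1,
    'local_cert' => $pem, 'passphrase' => $pass,
    // Verify the server against the provider's CA chain instead of disabling checks.
    'stream_context' => stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true,
        'cafile' => '/path/to/provider-ca-chain.pem',      // placeholder
    ]]),
]);
```

Run from the command line, the script exits with the list of problems instead of leaving SoapClient to fail without a clear cause.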


Archived

This topic is now archived and is closed to further replies.
