Darghon

Soap connection to DataPower service


Hi all,

 

I've been struggling for months with a connection to a DataPower webservice using PHP.

In SoapUI I've managed to get a response (an error message, but a response nonetheless), but in PHP, Soap always returns a NULL value.

 

The service in question requires me to use a client certificate.

Creating a p12 keystore with my private key (used to request the certificate) and the complete certificate chain provided by the service host, I'm able to get a connection using SoapUI (by using SSL for each request with the aforementioned p12 file).

 

Now, I want to accomplish the same thing in PHP, so I did the following:

- I installed the root and CA2 certificate from the service provider on my php server

- I construct a soap_client using the received wsdl file (same one as I use in SoapUI) and add the below listed options to the constructor

$options = [
    'trace' => 1,
    'exceptions' => 1,
    'local_cert' => $this->_getCertificateLocation('P12_KEYFILE'),
    'passphrase' => $keyfile_passphrase
];

The _getCertificateLocation returns the absolute path of the cert file, which is correct and accessible.

 

Alternatively, I've also tried to convert the P12 file to a PEM file using the below command, but it results in the same effect.

openssl pkcs12 -in discimus_keystore.p12 -out discimus.pem -clcerts

Anything I need to add/reconsider? Or any advice on this matter?

 

Thanks for any help.

Darghon


Well, since no one was able to help me, and I've eventually managed to fix this, I'll add my solution (and problems) in this post.

 

So, I needed to connect to a Soap Service using WSSE. Not with a user/pass auth in it, but with a client certificate, a binary security token and such wonderful things.

 

First, I needed to make a p12 certificate file, using my client certificate (with the cert chain) and my private key (used to request the client certificate).

Next, I needed to convert the p12 file to a BASE64 encoded pem file.

 

Finally, in the soap_client constructor, you need to add "local_cert" and "passphrase" in the options part with the full path of the pem file, and your used password (if any).

Next, and this one was my biggest issue, make sure your server can resolve the host address of the webservice. Ping it first, and if needed, add it to your host file *facepalm*

 

Finally, construct your SOAP envelope (I've used a public PHP WSSE library for mine), and execute the request.

 

Feel free to ask for more details if need be.
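
The steps from the post above, as an added example that is not part of the original post: it checks the converted PEM file and the service host before the SoapClient is built, so a missing key, wrong passphrase or unresolvable host fails loudly instead of surfacing as a NULL response. The function name, file paths, host name and the environment variable holding the passphrase are placeholders assumed for illustration.

```php
<?php
// Added example: pre-flight checks for a SoapClient that uses a client certificate.
// preflightClientCert(), the paths, the host and the env variable are hypothetical.

function preflightClientCert(string $pemPath, string $passphrase, string $serviceHost): array
{
    $pem = is_readable($pemPath) ? file_get_contents($pemPath) : false;
    if ($pem === false) {
        return ["PEM file is not readable by the PHP process: $pemPath"];
    }

    $problems = [];
    // local_cert expects one PEM file holding both the certificate and its private key.
    $cert = openssl_x509_read($pem);                      // first certificate in the file
    $key  = openssl_pkey_get_private($pem, $passphrase);  // private key, decrypted if needed
    if ($cert === false) {
        $problems[] = 'No certificate found in the PEM file';
    }
    if ($key === false) {
        $problems[] = 'No private key found in the PEM file, or the passphrase is wrong';
    }
    if ($cert !== false && $key !== false && !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'The private key does not belong to the certificate';
    }

    // The host must resolve from this server; gethostbyname() returns its input on failure.
    $isIp = filter_var($serviceHost, FILTER_VALIDATE_IP) !== false;
    if (!$isIp && gethostbyname($serviceHost) === $serviceHost) {
        $problems[] = "Cannot resolve service host: $serviceHost";
    }
    return $problems;
}

$pemPath    = '/path/to/client.pem';                       // placeholder: converted p12
$passphrase = getenv('CLIENT_CERT_PASSPHRASE') ?: '';      // placeholder: keep out of source
$problems   = preflightClientCert($pemPath, $passphrase, 'service.example.invalid');

if ($problems !== []) {
    fwrite(STDERR, implode(PHP_EOL, $problems) . PHP_EOL);
    exit(1);
}

// Same options as in the post; exceptions stay on so TLS or SOAP faults are thrown.
$client = new SoapClient('/path/to/service.wsdl', [
    'trace'      => 1,
    'exceptions' => 1,
    'local_cert' => $pemPath,
    'passphrase' => $passphrase,
]);
```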
