11

I'm unable to make an encrypted SOAP request in PHP. As per the documentation, I encrypted each request to the payment gateway. I generated a CSR & sent it to the authority for the certificate. They sent back me the domain certificate & CA certificate. The biggest problem is that the documentation is not meant for PHP. As per the document:

The web service is protected with WS-Security Sign and encryption policy

After searching a long time I found a helper class from Git but whenever I try to connect I get the following error:

General security error (No certificates were found for decryption (KeyId))

FaultCode : wsse:InvalidSecurity

I tried to set SSL header as follows:

$contextOptions = array(
    'ssl' => array(
        'verify_peer'   => false,
        'verify_peer_name'  => false,
        'cafile'        => '../../certs/CA.cer',
        'local_cert'        => '../../certs/server.cer',
        'local_pk'        => '../../certs/private_key.key',
        'verify_depth'  => 0,
        'allow_self_signed'=>true,
    )
);

$sslContext = stream_context_create($contextOptions);

Update

I defined the keys as :

define('PRIVATE_KEY', 'server_prvate_key.key');
define('CERT_FILE', 'domain_cert.cer');
define('SERVICE_CERT', 'CA.cer');

Anything wrong with this definition (please see the above GIT link)?

jasonlam604
  • 1,456
  • 2
  • 16
  • 25
Shan
  • 1,081
  • 1
  • 12
  • 35
  • Do that `cer`/`key` files/path exists? Did you take a look on that http://stackoverflow.com/questions/7147988/creating-a-php-soap-request-with-a-certificate – Gabriel Heming May 03 '17 at 11:32
  • @GabrielHeming Yes. The files exist – Shan May 03 '17 at 11:33
  • You need to define the full path to your key and certificates, that helper class won't guess in what folder they are – Capsule May 15 '17 at 03:09
  • @Capsule The path is correct , The key & certificates contents are available too – Shan May 15 '17 at 05:29
  • Where do you exactly implement the class you refer to? – therebelcoder May 18 '17 at 00:24
  • @stevenvanc i used the class exactly as shown in the link.i really dont need to use that class if there is an alternate way , but i don't have gud knowledge in soap. – Shan May 20 '17 at 13:09
  • I meant: Can you show more code? I don't see where you call or implement that class in your code? – therebelcoder May 20 '17 at 14:14
  • No changes, directly added private key , & certificates. I added the above $contextOptions as : $sc = new MySoap($wsdl, array('trace' => 1,'stream_context' => $sslContext)); – Shan May 20 '17 at 14:29

1 Answers1

6

Are you tried using curl?

Use the following option to set your certificate:

    curl_setopt($ch,CURLOPT_CAINFO, 'CA.cer' );
    curl_setopt($ch,CURLOPT_SSLCERT, 'domain_cert.cer' );
    curl_setopt($ch,CURLOPT_SSLKEY, 'server_prvate_key.key' );
    curl_setopt($ch,CURLOPT_SSLCERTPASSWD, 'certificate_password' ); //if have

I use encrypted connection to payment gateways and other services using curl and works like a charm.

rafrsr
  • 1,940
  • 3
  • 15
  • 31
  • I tried curl But im getting false after curl execution , after checking the exception i found the error : " wsse:InvalidSecurityMissing wsse:Security header in request", I dont know how to add the security header ! searched a while & i found some samples with suername and passwords – Shan May 20 '17 at 13:05