Calling https service with WSClient

Wednesday, March 12, 2008

Over the past few days I have seen several users ask how to call https services from WSClient. To call such a service, you need the certificate of the server's Certificate Authority (CACert), and you specify it when constructing the WSClient:

$client = new WSClient(array("to" => "https://somehost.com/somewhere/service",
"CACert" => "cert.pem"));

If for some reason you don't have the server's CACert, you can use the server's certificate itself as the CACert. To obtain the server's certificate, use the following command (assuming you already have openssl installed):

openssl s_client -connect somehost.com:443
Note: change somehost.com:443 to your server's name and port.

Then extract the text from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" (including those two lines) and save it in a file (cert.pem).

This way the server will be validated and the service call will be made securely.
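
The extraction step above as a small shell helper (an added example, not code from the original post or from the WSF/PHP project). The function names and the sample transcript are constructed for illustration; because the connection used to fetch the certificate is not itself verified, the helper prints the fingerprint so it can be compared with a value obtained from the server's operator.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of WSF/PHP or openssl.

# Print the Nth PEM certificate block (default 1 = the server's own
# certificate) found in `openssl s_client` output read from stdin.
extract_cert() {
    awk -v want="${1:-1}" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want            { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    '
}

# Fetch the server certificate into a file and show what was saved.
# usage: fetch_server_cert somehost.com 443 cert.pem
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        extract_cert 1 > "$3"
    [ -s "$3" ] || { echo "no certificate received from $1:$2" >&2; return 1; }
    # This connection was not verified, so compare the fingerprint with one
    # obtained from the server's operator before using the file as CACert.
    openssl x509 -in "$3" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Constructed, abbreviated transcript with two certificate blocks; the
# base64 bodies are placeholders, not real certificates.
SAMPLE_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=somehost.com
   i:/CN=Example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:/CN=Example CA
   i:/CN=Example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---'
```

Running `fetch_server_cert somehost.com 443 cert.pem` writes the file that the "CACert" option then points to.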

6 comments:

Martijn said...

Well, I tried the above and don't seem to get it working.
Did anyone get the above sample working?

If I run the service on my local machine and try to access it through http, it works very well.

But the live machine is https.

I'm really stuck here :(

Dimuthu said...

Just check whether your "cert.pem" is accessible through the service. Note that the path for the certificate should be relative to the service PHP file. And to make sure, extract the certificate following the guide in this blog post:
http://phpwebservices.blogspot.com/2008/05/how-to-get-services-x509-certificate.html

Martijn said...

How can I check if it's accessible through the service? When I check the logs I don't see any errors about the certificate. I used the example of extracting the certificate just like you said. Still no luck :( I'm now trying to set up an https server on my local machine and then run the service to see if that helps...

Dimuthu said...

Can you post the problem to this forum, http://wso2.org/forum/188, with the log files attached? (If in any case you don't want to attach the complete log file, please attach the specific part that is likely to describe the error.)

davidbailly said...

I tried to consume an https service with a self-signed certificate.
$client = new WSClient(array ("wsdl" =>"https://xxxxxxxx.com/wsTestEchangeFabricantMNIB_ssl/WebServiceEdeMNIB.svc?wsdl",
"to" => "https://xxxxxxxx.com/wsTestEchangeFabricantMNIB_ssl/WebServiceEdeMNIB.svc",
"classmap" => $class_map,
"CACert" => "SRVSECOIA.crt"));

So I have a SOAP fault: Une erreur s'est produite lors de la vérification de la sécurité du message.

Can you help me?

Alexis Gruet said...

Why is the official API documentation of the WSClient object not relaying and/or talking about the CACert attribute?

Please check and correct me if I'm wrong:
http://wso2.org/project/wsf/php/2.0.0/docs/api.html