OpenSSL
dhaenoor, 2021-07-16 09:22:03

How do I feed Sberbank application certificates to curl if they do not pass openssl checks and are not readable at all?

There is a test application (a PlatiQR subscription is connected to it) registered on developer.sberbank.ru
It has:

  • client_id: 5c869433-a26d-476b-90a7-ba5c245181b6
  • client_secret: nQ3pD0dG6qM4dS3wH0qE5bU1eI2nJ1jF3uV1pK5cI0vP2uT1iB
  • Certificate password: p7u8V0f27hEhwNCOBeJd
  • Certificate: https://disk.yandex.ru/d/g_P1dESf5quZ7w

How do I assemble a working cURL request to get at least an authorization token out of this shit and sticks?
This shit doesn't work:
  • https://developer.sberbank.ru/api/5db90a41e4b05210...
  • https://developer.sberbank.ru/doc/v1/sberbank-id/t...


The certificate is unpacked following the Sberbank instructions, but then all three certificates, when checked, tell me to go where I don't want to go. Neither this certificate nor the files obtained from it work in cURL; they produce errors along the lines of "You are not giving us a PEM certificate".
Unpacking instructions from Sberbank:
  • openssl pkcs12 -in <your file name>.p12 -nodes -nocerts -out private.key
  • openssl pkcs12 -in <your file name>.p12 -clcerts -nokeys -out client_cert.crt
  • openssl pkcs12 -in <your file name>.p12 -cacerts -nokeys -chain -out cacerts.cer

An example of checking a certificate from Sberbank:
  • openssl pkcs12 -in cacerts.cer -out log.txt

Link to instructions on TLS from Sberbank: https://developer.sberbank.ru/doc/v1/sberbank-id/cert

Is there at least one person in the world who could make at least something out of this??? Help!


2 answer(s)
dhaenoor, 2021-07-16
@dhaenoor

What helped was not unloading them into separate files. Oh, this savings ...
Instead of slicing it into a bunch of files, I should have done this:

openssl pkcs12 -in PFXCertReceivedFromSber.p12 -out TheSameButInThePEM.pem -nodes

galaxy, 2021-07-16
@galaxy

OpenSSL, when converting from pkcs12, for some reason writes Bag Attributes into the PEM file (certain properties of the pkcs12 container in text form).
The key can be brought back to normal as follows:
openssl rsa -in private.key -out private2.key
Certificate:
openssl.exe x509 -in cert.cer -out certs.cer
However, the last command is not suitable for the chain of certificates, because only the first one will come out. Just open cacerts.cer in a text editor and leave only the certs themselves:

-----BEGIN CERTIFICATE-----
MII....
-----END CERTIFICATE-----
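
The manual cleanup described in the answer above (keeping only the BEGIN/END blocks of a multi-certificate file) can be scripted. This is an added example, not part of the thread; the function names are hypothetical and the sample input is constructed with placeholder payloads.

```shell
# pem_blocks [FILE|-] [LABEL]
# Print every PEM block; with LABEL (e.g. CERTIFICATE), only blocks of that type.
# Everything between blocks (Bag Attributes, subject=, issuer=) is dropped.
pem_blocks() {
    awk -v want="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            label = $0
            sub(/^-----BEGIN /, "", label)
            sub(/-----$/, "", label)
            keep = (want == "" || want == label)
            inblock = 1
        }
        inblock && keep { print }               # body lines and both markers
        /^-----END [A-Z0-9 ]+-----$/ { inblock = 0; keep = 0 }
    ' "${1:--}"
}

# pem_count [FILE|-] [LABEL]: number of blocks pem_blocks would emit.
pem_count() {
    pem_blocks "$1" "$2" | awk '/^-----BEGIN /{ n++ } END { print n + 0 }'
}

# Constructed sample shaped like `openssl pkcs12 -nodes` output; the base64
# payloads are placeholders, not real certificates or keys.
sample_pkcs12_output() {
    cat <<'EOF'
Bag Attributes
    localKeyID: 01 02 03 04
subject=CN = constructed-client
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0xJRU5U
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=CN = constructed-ca
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
Bag Attributes
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
EOF
}

sample_pkcs12_output | pem_blocks - CERTIFICATE   # chain reduced to certs only
```

Against a real file, `pem_blocks cacerts.cer CERTIFICATE > chain.pem` keeps every certificate in the chain rather than only the first one.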
