B
B
Bakotiinii2019-07-22 06:42:16
PHP
Bakotiinii, 2019-07-22 06:42:16

How to sign an SSL request with a certificate from a remote resource?

Hello everyone
Task:
You need to make a request for a third-party resource. Upon request, you sign your request with a special pem certificate (it contains ssl and private key).
If I upload the certificate to my server and make a request like this, then everything goes fine. httpClient (this is Guzzle)

$response = $this->httpClient->send($request,
            [
                'cert' => '/var/www/api/container/src/cert.pem'
            ]
        );

If I try to pull a certificate from a remote resource, or somehow substitute it
$response = $this->httpClient->send($request,
            [
                   'cert' => file_get_contents('https://certs/cert.pem',)
            ]
        );

Then the request falls with an error that it will not find SSL. Similarly, if I try to save the certificate to the database as text and insert it as a string.
__
Why is this necessary? For technical reasons, I cannot upload the certificate to the same server where the api is running. I can either to a special file storage on a separate machine, or somehow to the database (which is also on another machine)

Answer the question

In order to leave comments, you need to log in

2 answer(s)
E
Eugene Volf, 2019-07-22
@Bakotiinii

There is a suspicion that the cert parameter/argument that you specify should take the path to the certificate, and you are passing it the contents of the certificate, and not the path. There are several solutions here:
1. Find an HTTP client (or a parameter on the current client) that allows you to specify the contents of the certificate
2. Download the certificate to the server, specify the path to it and delete the certificate after the request is completed (if necessary)
3 In the same
way , you can save it to the database, get it from there and save it temporarily with each request )

C
CityCat4, 2019-07-22
@CityCat4

(it contains ssl and private key).

If it must contain a certificate and a key, then it is not possible in any way. The certificate is easy to find, the key - just sleep ... steal :)

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question