具有证书的curl命令到php SoapClient (BankID)

Question

基于https://www.bankid.com/assets/bankid/rp/bankid-relying-party-guidelines-v2.13.pdf

我有工作的curl命令：

curl https://appapi.test.bankid.com/rp/v4?wsdl -E --cacert /path/to/BankID_SSL_Root_Certification_Authority_TEST.pem --cert /path/to/ServerCertificate.cer --key /path/to/PrivateKey.key

ServerCertificate.cer和PrivateKey.key用openssl命令从PFX证书(102329.pfx)中提取。

但是，我无法使它与PHP一起工作：

SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://appapi.test.bankid.com/rp/v4?wsdl' : failed to load external entity "https://appapi.test.bankid.com/rp/v4?wsdl"

我很感激这里的任何帮助。

Answer 1

谢谢你们的回答。

解决办法：

1. openssl pkcs12 -in FPTestcert2_20150818_102329.pfx -nocerts -out key.pem -nodes
2. openssl pkcs12 -in FPTestcert2_20150818_102329.pfx -nokeys -out cert.pem
3. openssl rsa -in key.pem -out server.key
4. 复制 -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- 来自server.key和 -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- 节，并将它们放入新的cert.pem文件中。

然后：

try {
    $this->client = new SoapClient( $this->wsdl, array( "local_cert" => "/path_to_cert/certname.pem" ) );
} catch (Exception $e) {
    return json_encode( array( "result" => false, "reason" => $e->getMessage() ) );
}

Answer 2

对于将来发现自己有同样的BankID问题的人，Dmitry给出了一个关于如何获得正确证书的很好的教程，但是对我起作用的代码需要更多的参数：

try {
    $client = new SoapClient('https://appapi2.test.bankid.com/rp/v4?wsdl',
        ["local_cert" => "certname.pem",
         "stream_context" => [
             "ssl" => [
                 "verify_peer" => false,
                 "verify_peer_name" => false,
                 "allow_self_signed" => true
             ]
         ]
     ]);
} catch (Exception $e) {
    return json_encode( array( "result" => false, "reason" => $e->getMessage() ) );
}