Creating a PHP SOAP request with a certificate
A side note: there is a way to make successful SOAP request and keep the private key and certificate file separated. To do this, you have to create a stream context and pass that as the context option:
<?php
$wsdl = "https://localhost/MyService/MyService.asmx";
$context = stream_context_create(
array(
"ssl" => array(
"local_cert" => "C:\\Certs\client_cert.pem",
"local_pk" => "/path/to/private/key"
)
)
);
$client = new \SoapClient($wsdl, array("context" => $context));
I managed to get this working but there are some oddities that I wonder about. Specifically the need to combine the client certificate and private key into a single file to send along with the Soap Request as well as the certificate pass-phrase was breaking the request although the PHP Soap documentation explicitly includes it as an option. If anyone has input on how to improve this I would love to hear it.
1) Create the OpenSsl client and server certificates and sign them with the certificate authority. When creating the certificate do not assign a passphrase to them, just hit the enter button at that point.
2) Import the server certificate authority file into the Machine certificate store under the trusted root. You can get to this by using the MMC command at the command prompt and then adding the Certificates snap in.
3) Import the Server certificate into the Machine store Personal certificate store
4) Import the client certificate in the local account Personal store. You can do this by typing certmgr.msc at the command prompt.
5) Make sure to have Apache with a SSL version of PHP running. If you already had a non-php version of PHP installed you can follow these steps to configure your Apache server to run using SSL.
Inside httpd.conff
a) Remove the comment ‘#’ at line : LoadModule ssl_module modules/mod_ssl.so
b) Remove the comment ‘#’ at the line inside `<IfModule ssl_module>`: Include /extra/httpd-ssl.conf
and move this line after the block `<IfModule ssl_module>…. </IfModule>`
Inside php.ini
c) Remove the comment ‘;’ at the line which says: extension=php_openssl.dll
6) Configure IIS to use a certificate and SSL using the following steps:
a) Right click the 'Default Website' node choose 'Properties'
b) 'Directory Security' tab 'Server Certificate' button. Follow the wizard to select the certificate you imported into the store then complete the wizard and return to the 'Directory Security' tab.
c) Under 'Secure Communications' select the 'Edit' button.
d) Check the 'Require Secure Channel (SSL) checkbox.
7) Creating the PHP SOAP request (the test() method should be a valid method in your Web service):
$wsdl = "https://localhost/MyService/myservices.asmx?wsdl";
$local_cert = "C:\\SoapCerts\ClientKeyAndCer.pem";
$soapClient = new SoapClient($wsdl, array('local_cert' => $local_cert));
$theResponse = $soapClient->test();
8) Place this file into your Apache directory. By Default: 'C:\Program Files\Apache Group\Apache2\htdocs'
9) You will need access to the client certificate. In the steps you took to produce the client and server certificates you also produced the private key files. Open the client_prv.pem (the client private key file) and copy the contents into a new document with a text editor. It is probably safer to use something like Textpad that will hopefully not add a bunch of special characters, certificate parsers are very picky. Immediately after the private key part place the contents of the client certificate (client_cer.pem) so that the resulting file is an un-escaped copy of the client private key and client
certificate. Save the resulting file to a directory you can get to from the php file. In the example above the resulting file is the
'C:\SoapCerts\ClientKeyAndCer.pem' file.
9) Navigate to localhost/nameOfYourFile.php. You should see a successful connection to the service with a response matching the expected results from your
Web service method.