I generate private.key with:
openssl genrsa -out private.key 2048.
From private key I generate public key with:
openssl rsa -in private.key -pubout -out public.key
With these keys oauth2 server creates authorization JWT
And I need that JWT payload contains issuer (iss).
On which step should I add it? And any ideas how to add it?
Related
i tried to integrate bankID with my code but it does not work
this is the tutorial bankID tutorial
this api have ssl certification https://www.bankid.com/assets/bankid/rp/FPTestcert2_20150818_102329.pfx
can any one help me to integrate this api with php
this is my code
try {
$client = new SoapClient( 'https://appapi.test.bankid.com/rp/v4?wsdl', array( "local_cert" => "/certname.pem" ) );
} catch (Exception $e) {
echo json_encode( array( "result" => false, "reason" => $e->getMessage() ) );}
and because the ssl is pfx i convert it by useing openssl as
openssl pkcs12 -in FPTestcert2_20150818_102329.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in FPTestcert2_20150818_102329.pfx -nokeys -out cert.pem
openssl rsa -in key.pem -out server.key
Copy
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
section from server.key and
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
section from cert.pem and put them into new certname.pem file.
and this is the error
SOAP-ERROR: Parsing WSDL: Couldn't load from 'link' : failed to load external entity
I have generated a SSH key with PHP OpenSSL:
$rsaKey = openssl_pkey_new(array(
'private_key_bits' => 4096,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
$privKey = openssl_pkey_get_private($rsaKey);
openssl_pkey_export($privKey, $pem);
This results in $pem looking like this:
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC8ggt6rVHYnqNP
...
e95+EXbPc6THyWt9pgwOsJltpylIYG4=
-----END PRIVATE KEY-----
But I cannot authenticate using this key. Before I can use it, I have to convert it using this command:
openssl rsa -in xxx.key -outform pem > xxx.key2
The result of the conversion is this:
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAvIILeq1R2J6jT+xjlK5NrOqFZTOJ4PByvgPQNbb2Kp7c3W15
...
o1t2KBkaSoR+JyOPOZakq5BLv8lgD3vefhF2z3Okx8lrfaYMDrCZbacpSGBu
-----END RSA PRIVATE KEY-----
Both are PEM format, but the second is a RSA private key. With the second, PHP can login. So I need a key that starts with RSA PRIVATE KEY, not just PRIVATE KEY. How can I create this with PHP and OpenSSL PHP implementation?
So, these are two different key types. You're looking for PKCS #1, but getting PKCS #8.
This appears to be related to the version of OpenSSL that PHP uses. Versions since 1.0 create a PKCS #8 file, and there's nothing the PHP developers want to do about it. The same issue arises when doing it from the command line with this command:
openssl req -new -keyout mykey.key -out mycertreq.csr -nodes -sha1 -newkey rsa:2048
You can try using an external library called phpseclib, though I haven't tried it myself:
<?php
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_OPENSSH);
$result = $rsa->createKey();
echo $result["privatekey"];
?>
I try to make a connection through SoapClient. I need a certificate for this. I received a .pfx certificate. I used the following command to create a .pem file.
openssl pkcs12 -in cert.pfx -out cert.pem -nodes
There is a password in the certificate so I need to enter it before I get the cert.pem file. So far so good, I think.
Now I try to connect to the WSDL service.
$url = "https://test.website.com/webservices/transfer.asmx?WSDL";
$cert = '/path/to/cert.pem';
$passphrase = "12345678";
$soapClient = new SoapClient($url, array('local_cert'=>$cert,'passphrase'=>$passphrase));
I get the following error:
(Warning) SoapClient::SoapClient(): Unable to set private key file `/var/www/vhosts/............./cert.pem'
I think the problem is the certificate. Is the way that I converted the .pfx to a .pem the correct way?
The problem you're running into is that a .pem certificate is always supposed to be an encrypted file. According to the OpenSSL docs for the pkcs12 command when you used -nodes it didn't encrypt anything, rather put each node into plain text, which caused the .pem certificate to be invalid and your SoapClient couldn't parse the invalid file.
To fix this, hopefully you haven't deleted the original cert.pfx, just re-convert it using this line:
openssl pkcs12 -in cert.pfx -out cert.pem -clcerts
and your cert.pem file will be correct.
Today I had this problem with an invalid Cert/Private combination, meaning the cert wasn't belonging to the specified key.
You can verify this problem using:
openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in server.crt | openssl md5
key and cert should return the same checksum. If not, somebody has mixed up some files.
The same procedure works for CSRs as well:
# and for a CSR
openssl req -noout -modulus -in server.csr | openssl md5
I am using TCPDF to sign PDF, but when running the example 52 I got this error:
Warning: openssl_pkcs7_sign() [function.openssl-pkcs7-sign]: error getting
private key in C:\xampp\htdocs\this\tcpdf\tcpdf.php on line 8366
Could you please tell me or guide me where is the problem. I am just running the example without changing anything. I am using xampp.
The problem is with the location from where it tries to access the private key. Instead of '' like in their example use 'file://'.( dirname(FILE)).'./path/to/file'. This worked for me.
I solved it by using:
$certificate = 'file://'.realpath('../tcpdf.crt');
When you create your own certificate use this:
/*
NOTES:
- To create self-signed signature: openssl req -x509 -nodes -days 365000 -newkey rsa:1024 -keyout tcpdf.crt -out tcpdf.crt
- To export crt to p12: openssl pkcs12 -export -in tcpdf.crt -out tcpdf.p12
- To convert pfx certificate to pem: openssl pkcs12 -in tcpdf.pfx -out tcpdf.crt -nodes
*/
Finally, after weeks ago, I found the solution. I just donwloaded the TCPDF 5.9 Version and it works :D if you wanna try, here's the link to download that version
link: https://sourceforge.net/code-snapshots/git/u/u/u/mynetx/tcpdf.git/u-mynetx-tcpdf-5828c0d80580cbad069988e2067ad5e37e1e98e7.zip
I have certificate that can see in browser - signed by VeriSign - G3
But when I try to read with openSSL(or in PHP) like pkcs12 or x509 or pkcs7 - error like:
openssl pkcs12 -in cert.to.test.cer -clcerts -nokeys -out mycert.crt
28685:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
28685:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:830:
28685:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=version, Type=PKCS12
What can be done to read parameters of certificate in PHP?
Thanks.
You can try
openssl x509 -in certificate.der -inform der -text -noout
May be it is DER encoded certificate