I am trying to create an SSL Certificate through the AWS PHP API by running the code below. The Certificate gets created, the problem is that the validation method the certificate uses is EMAIL and not DNS. I want to use the DNS validation method. Are there other parameters that have to be passed into the function? Any ideas here as to why my certificate is getting set to Email instead of DNS Validation?
$acm->requestCertificate([
'DomainName' => "*.example.com",
'SubjectAlternativeNames' => ["example.com"],
'ValidationMethod' => 'DNS'
]);
Dusan Bajic was correct. I needed to update to the latest SDK.
Related
An email from Amazon AWS states:
Beginning October 1st, 2020, Amazon SES will only support requests
signed using Signature Version 4.
You can easily identify API requests that use Signature Version 3 by
looking at the request headers. Requests that use the Signature
Version 3 resemble the following example: X-Amzn-Authorization:
AWS3-HTTPS
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE,Algorithm=HMACSHA256,Signature=lBP67vCvGl
...
I have got "aws/aws-sdk-php" installed through composer.
I'm trying to find out if the request header of SES is Signature Version 3 or 4.
I tried dumping the content of Illuminate\Mail\Events\MessageSent through $event->message->getHeader() which is a Swift_Mime_SimpleHeaderSet Object.
Yet it doesn't include the request version to the SES sdk.
QUESTION:
Could someone please tell me how to dump the outgoing aws ses sdk request so I can see in the header what version is used.
Thank you.
If anyone is interested, finally was able to do it by back tracing the stack.
After sending a mail through a command, I back traced the stack and could see the raw request, which included Authorization: AWS4-HMAC-SHA25, confirming Signature Version 4.
Mail::to($receiver)->send($mailable);
dump(debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 50));
Make sure that you have the ses service debug set to true:
config/services.php
'ses' => [
'key' => env('SES_KEY'),
'secret' => env('SES_SECRET'),
'region' => 'us-west-1',
'debug' => true,
],
I'm using windows, xampp and fairly new on integrating docusign. I watched this tutorial from docusign using PHP, however since the tutorial is using mac, I'm getting confused on how I will setup this tutorial on my xampp and windows and the result is I'm getting the error:
The redirect URI is not registered properly with DocuSign
Here is how I did my setup
1.) Clone the repository and place it on my xamp/htdocs/eg-something-something
2.) Rename the ugly repository name to xamp/htdocs/docusign/
3.) Run composer install to get the dependencies
4.) I configured my ds_config.php and here is my code... I removed credentials for security purposes
<?php
// ds_config.py
//
// DocuSign configuration settings
$DS_CONFIG = [
'ds_client_id' => 'xxxx', # The app's DocuSign integration key
'ds_client_secret' => 'xxx', # The app's DocuSign integration key's secret
'signer_email' => 'xxx#gmail.com',
'signer_name' => 'Michael',
'app_url' => 'http://localhost/docusign/public', // The url of the application.
// Ie, the user enters app_url in their browser to bring up the app's home page
// Eg http://localhost/eg-03-php-auth-code-grant/public if the app is installed in a
// development directory that is accessible via web server.
// NOTE => You must add a Redirect URI of app_url/index.php?page=ds_callback to your Integration Key.
'authorization_server' => 'https://account-d.docusign.com',
'session_secret' => '{SESSION_SECRET}', // Secret for encrypting session cookie content
'allow_silent_authentication' => true, // a user can be silently authenticated if they have an
// active login session on another tab of the same browser
'target_account_id' => false, // Set if you want a specific DocuSign AccountId, If false, the user's default account will be used.
'demo_doc_path' => 'demo_documents',
'doc_docx' => 'World_Wide_Corp_Battle_Plan_Trafalgar.docx',
'doc_pdf' => 'World_Wide_Corp_lorem.pdf',
// Payment gateway information is optional
'gateway_account_id' => '{DS_PAYMENT_GATEWAY_ID}',
'gateway_name' => "stripe",
'gateway_display_name' => "Stripe",
'github_example_url' => 'https://github.com/docusign/eg-03-php-auth-code-grant/tree/master/src/',
'documentation' => false
];
$GLOBALS['DS_CONFIG'] = $DS_CONFIG;
5.) I log into my admin sandbox and use this as my redirect URI
http://localhost/docusign/public/index.php?page=ds_callback
The web app is running but I am having an error of "The redirect URI is not registered properly with DocuSign" when I click the login or just by authenticating.
Thanks for helping me on this issue.
Update part:
I tried adding http:// on the configuration of the integration key on sandbox, however, I'm getting a fatal error:
Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL
error 77: error setting certificate verify locations: CAfile:
C:\xampp\apache\bin\curl-ca-bundle.crt CApath: none (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html) in
C:\xampp\htdocs\docusign\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
on line 186
Once I tried to authenticate. Check this screenshot for the errors.
try http://localhost/docusign/public/index.php?page=ds_callback as the redirect URL.
You need the complete URL including the http:// part.
I am using https://github.com/boundstate/yii2-mailgun
Yii2 extension for Mailgun and extending it on my wrapper class.
i configure as shown in documentation in web.php ,
'mailer' => [
'class' => 'boundstate\mailgun\Mailer',
'key' => 'key-85886fafb248373bd90a396',// valid key
'domain' => 'sandbox5d98013abb1749fd94b68.mailgun.org',//valid domain
],
Now,
when i am using it by,
Yii::$app->mailer->compose()
->setFrom('valid-email-address')
->setTo('valid-email-address')
->setSubject("test mail from mailgun api")
->send();
first , i got issue with SSL for my localhost.
GuzzleHttp\Exception\RequestException
cURL error 60: SSL certificate problem: unable to get local issuer certificate
↵
Caused by: GuzzleHttp\Ring\Exception\RingException
there is no any configuration to set SSL => false through config as we can do with sendgrid extension.
and also i am facing this error after this,
Mailgun\Connection\Exceptions\MissingEndpoint
The endpoint you've tried to access does not exist. Check your URL
In mailgun Api , they are using "api.mailgun.net" ,although it throws such kind of error ..
Is there any solution for these two issues ??
Maybe you can read this issue in github first #130 and #175.
To solve your problem you can manually add this line in your php.ini(based on Comment on that issues)
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = "C:\php\extras\cacert.pem"
Or you can use my way, by added it manually with instance Client adapter from guzzle like this. If you want use ssl, you can set verify to false
use Http\Adapter\Guzzle6\Client;
$httpClient = Client::createWithConfig([
'verify' => __DIR__ . '/../config/ca-cert.pem'
]);
$mailgun = new Mailgun(self::$apiKey, $httpClient);
I have a question about building a authentication system with SSL certificates. My Idea is to store the data in the database(I know how to do that) and when the user gives the certificate the system to check the cert values and to know where to put the user. But there are some things that are not quite clear(I might sound nooby, but don't judge me)
How to make the certificate with PHP?
How to make the system to request a specific details from the client?(As is on StartSSL)
Do I have to sign the private certificate or something?
P.S: I am using HostGator Business Plan if this makes any difference. I have requested them to issue a private ssl certificate.
I have never used StartSSL however many individuals and companies alike use SSL APIs and auth now, like the new(ish) Facebook sdk.
Note that self signed certificates are not supported as a valid security mechanism by many browsers and other software.
You cannot make SSL certificates in PHP, instead you must make then using a tool like OpenSSL. Here is a brief tutorial I found on Google: http://www.akadia.com/services/ssh_test_certificate.html .
SSL is mainly designed to make the transference of data across the line a little more secure and when reading in connections through PHP you would validate the certificate to see if it matches the one it is supposed to (http://stackoverflow.com/questions/3081042/how-to-get-ssl-certificate-info-with-curl-in-php) much like how a browser downloads a sites SSL cert and then uses that to create a secure connection. I wouldn't imagine you would have a certificate per user.
After this all your data goes over HTTPS rather than HTTP allowing for SSL auth.
Depending on the SSL auth system, if it is an API then your cURL request would be sent over HTTPS rather than HTTP.
If you are making this for a login page on a website then it is a lot simpler than I have said above (well in theory, there are still a lot of thing you can mess up). If you are doing this then you would simply add the SSL cert to your server and then add it to your server config (another quick tutorial for Apache from Google: http://www.digicert.com/ssl-certificate-installation-apache.htm ) and then literally proceed as you normally would redirecting the user to a https of the login page and the login processing page (making sure you have a vhost for 443 if your in Apache).
Edit: Openssl does have a PHP API as I just remembered so I was wrong there.
This is how I see SSL auth going down.
1) Method for create new SSL certificate with PHP^
$dn = array(
"countryName" => 'Country',
"organizationName" => 'Org',
"commonName" => 'Common name',
"emailAddress" => 'email#email.com',
);
$configArgs = array(
'digest_alg' => 'SHA1',
);
$clientKey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $clientKey, $configArgs);
$password = trim(base64_encode(openssl_random_pseudo_bytes(8)), '/=');
$cert = openssl_csr_sign(
$csr,
'file:///etc/ssl/ca/ca.pem',
'file:///etc/ssl/ca/ca.pem',
1095,
$configArgs,
$serial
);
openssl_pkcs12_export($cert, $clientCertPkcs12, $clientKey, $password);
openssl_x509_free($cert);
$sslData = array(
'serial' => $serial, // random serial
'sslkey' => $password,
'created_at' => time(),
'sslpfx' => $clientCertPkcs12
);
openssl_pkey_free($clientKey);
I am successfully connecting, using Microsoft C#, to a Microsoft web service. I have to supply a username, password (in the C# code); and install a certificate (in .cer format) into the "Root Certificate Authorities" section of the system's certificates.
How can I connect to such a web service in PHP? The reason I ask is that all methods I have seen (such as wsdl2php, which creates a SoapClient subclass), seem to assume various things, such as SSL certificate, SSL key file and SSL key passphrase.
So it all confuses me. I'm not sure what should go where. I'm not sure where my "root certificate authority" (the .cer file) should go, and where the username and password should go. Any ideas?
all can be done whith soapclient and stream_context_create using ssl options
<?php
$context = stream_context_create(array(
'https' => array(
'cafile' => '/path to file',
'verify_peer' => true
)));
new soapclient("https://localhost/index.php?wsdl",array(
'login'=>'admin',
'password'=>'passss',
'stream_context'=> $context
));
it is not uncommon in soap to not use http auth but just an soap-call, the documnetation is essential
it can be rewarding to use soapclient whith classes using classmap to map soaptypes to php clases
Typically if you're calling a webservice using regular SSL your URL will look like:
https://username:password#myserver.com/mywebservice.php
Then there is the issue of the SSL certificate. I'm using something similar to read from an SSL protected SVN web front. I don't know of any other solution other than to log into the server as the user that is running your webserver (apache/IIS) and accepting the certificate manually. In the case of SVN you could make a checkout and it will ask you to accept the certificate. I'm not entirely sure how this would work for a plain HTTPS request but perhaps you can get the certificate by loading the webservice in a browser? (or using wget or something fancy if you're lucky enough to be running Linux)
Also, is your code the PHP code or the C# code? If it's C# you may need to do something else entirely.