I'm looking for the best method to work with an FTP server over an SSL connection. (Generally, pushing a file up as well as getting a list of files on the server). One requirement for this project is that I must use a client side X.509 certificate as part of the authentication process.
Can I use a client certificate using the php function ftp_ssl_connect. If so, how? The only other option I've been able to identify would be using curl to work via FTPS.
Any suggestions or thoughts would be greatly appreciated!
You could use PHP's stream context functions which allow setting SSL client certificates. Use the created context with standard functions like fopen.
Related
When I use tcp://64.41.200.100:80 it works fine, but with
ssl it failing to read response, here is my source example
https://gist.github.com/undercloud/d246473370aec7f19c2e42414ae00693
P.S. I need this way to transfer data, I know about file_get_contents,fopen, but I still need low-level data I\O
P.S.S Hmm... Maybe need ssl certificates settings? How to create this .pem file and how to setup options?
I'm using the PHP userland library, found here: https://github.com/mongodb/mongo-php-library
, with documentation at: http://mongodb.github.io/mongo-php-library/classes/client/
How do I supply SSL options and which constructor to use? I'm assuming MongoDB/Client but documentation is sparse.
I have the usual on the server; CA file, server certificate and private key file with net.ssl being set to requireSSL.
So if anyone has tried anything, it'd be great if you can list what worked.
Update
A lot of googling took me to this page. and I could only get the mongo shell connected successfully, but definitely not through the php library. I am using MongoDB 3.2.1 on Centos7.
Additionally I see that client certificates need two additional fields in the x509 certificates[keyUsage = digitalSignature, extendedKeyUsage = clientAuth], as narrated here. Now although that isn't impossible, but isn't a very manageable or scalable way for my implementation in my opinion.
Also a strange thing I discovered is that the CN in the final client certificate needs to be "localhost.". You cannot omit the last period. And the --host argument accordingly has to be "localhost." (not just localhost) or else the validation fails. But if you try to create a certificate with the CN as just localhost, you will never be able to connect to the server and the validation would fail everytime.
My college downloaded cert-name.crt file from external host. Now we need to connect to web service platform, obviously using their SSL certificate. We are a bit confused by OpenSSL documentation. Research didn't help either. All we get is 'Could not connect to host' PHP exception. Just to clear things, interface worked perfectly fine over unsecured HTTP. We use pure Soap library. As an act of desperation we also tried to connect with host without verification by disabling verify_peer variable in SoapClient stream context. Please help, we are under pressure.
To get your started:
By default, PHP looks for the CA file on UNIX systems in, make sure it is readable by the PHP invoker (user via cli, Apache user, etc..), and place the .crt file here:
/etc/pki/CA
Currently setting up a backup solution that sends a database dump and some other files from a Wordpress network to a NAS on my LAN, via WebDAV. I have installed PHP WebDAV on my web server and the basic code to get that that to work is:
webdav_connect('http://webdav.example.com/dav', 'davuser', 'davpassword');
webdav_put('/your/nice/thing.txt', $data);
webdav_close();
The issue is, my NAS requires this connection to be done via HTTPS, so in a web browser you'd see a warning which you can ignore, but PHP gives the following warning and the code fails:
Warning: webdav_put() [function.webdav-put]: Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted in /var/www/vhosts/blah/blah/blah.php on line 5
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate? The domain name used for accessing the WebDAV service on my NAS is one provided by Dynamic DNS if that makes a difference.
Is there a way in which I can ask PHP to ignore this, or will I need to obtain an SSL certificate?
I don't know which HTTP Layer PHP WebDAV uses (which extension are you using?), but often it's possible to configure the underlying layer to ignore certificate errors.
If you need certificate verification for security reasons, you should obtain a valid certificate.
Just for completeness as I don't like leaving things un-answered. I've decided to access my WebDAV service via SMEStorage. They provide an API which developers can use for this sort of thing:
http://smestorage.com/?p=static&page=for_developers
I used to transfer temporarily-direct-linked files to my server because my internet speed is not as much as my server. The method I'm using (fread) only works with http protocol. But I can not even get connected to files accessible using RTMP protocol using fopen. Could you tell me what can I do to get around this?
Cheers
You might be able to use curl - this can be compiled with librtmp support. Not sure if it's supported within the PHP curl extension, but you could simply use curl as a separate process.