How do I send to the TransUnion API using a PKCS12 (p12) certificate?

Question  Votes: 11  Answers: 2

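I'm having trouble connecting to TransUnion's test API through PHP using cURL. If anyone has already done this, please let me know. I have the XML file ready to send to them; I just don't know what is going wrong, because I received a .p12 file from them containing the certificate and key, but I still can't connect. I tried the following: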

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/certs/cert.pem');
    curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'test_pass');
    curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
    curl_setopt($ch, CURLOPT_SSLKEY, getcwd().'/certs/key.pem');
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'test_pass');

Then I tried connecting from Terminal on my Mac with the following command:

    curl -cert /Users/temp_user/cert.pem   -key /Users/temp_user/key.pem https://netaccess-test.transunion.com

Can someone let me know what I'm doing wrong? Thanks.

php api curl certificate
2 Answers
1
votes

Make sure you extract the certificates from the p12 file correctly, like this:

Extract the CA certificates:

    openssl pkcs12 -in NAME_OF_P12_FILE.p12 -cacerts -nokeys -out NAME_OF_PEM_FILE_TO_CREATE.pem

Extract the personal certificate:

    openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nokeys -out NAME_OF_PEM_FILE_TO_CREATE.pem

Extract the private key:

With a password:

    openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nocerts -out NAME_OF_PEM_FILE_TO_CREATE.pem

Without a password:

    openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nocerts -nodes -out NAME_OF_PEM_FILE_TO_CREATE.pem


0
votes

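I know this is an older post, but since I came across it while trying to figure out my connection problems with TransUnion, I thought I would post what I did to get it working, in case anyone else still needs help with this.

I worked with the TransUnion support team and, by combining the information I had with the information they had, was able to get a working solution.

The biggest problem I found was the instructions everywhere on how to convert the certificate.

Use the following commands to convert the certificate and get the pieces you need for the connection. Yes, you need 3; most answers keep saying you only need 2, but you need all 3:

Convert the certificate into three separate files: the client certificate, the private key, and the certificate authority certificate.

    openssl pkcs12 -in client_systemID.p12 -out ca.pem -cacerts -nokeys   # write the CA certificate from the .p12 file to ca.pem

    openssl pkcs12 -in client_systemID.p12 -out client.pem -clcerts -nokeys   # write the client certificate from the .p12 file to client.pem

    openssl pkcs12 -in client_systemID.p12 -out key.pem -nocerts -nodes   # write the private key from the .p12 file to key.pem

Then you can start setting up your code: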

    $keyFile = "key.pem";
    $caFile = "ca.pem";
    $certFile = "client.pem";
    $certPass = $_ENV['TUNASSLPass']; //I am storing the passphrase in an Env variable
    $URL = "https://netaccess-test.transunion.com";
    $data = "<tuna-request-data>"; //need to set this to append to the URL
    $xml = "<?xml version='1.0' encoding='UTF-8'?><creditBureau xmlns='http://www.transunion.com/namespace' xsi:schemaLocation='http://www.transunion.com/namespace creditBureau.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>{The rest of your XML}</creditBureau>";

    // The -d option is equivalent to CURLOPT_POSTFIELDS. But...
    // PHP's libcurl interface does not implement the -G flag - instead you would
    // append $data to $url like this:
    $actualUrl = $URL.'?'.$data;

    // Initialise cURL (after $actualUrl has been built)
    $ch = curl_init($actualUrl);
    curl_setopt($ch, CURLOPT_URL, $actualUrl);

    // The -v flag only makes sense at the command line, but it can be enabled
    // with CURLOPT_VERBOSE - in this case the information will be written to
    // STDERR, or the file specified by CURLOPT_STDERR. I will ignore this for
    // now, but if you would like a demonstration let me know.

    // The --key option - If your key file has a password, you will need to set
    // this with CURLOPT_SSLKEYPASSWD
    curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);

    // The --cacert option
    curl_setopt($ch, CURLOPT_CAINFO, $caFile);

    // The --cert option
    curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
    curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
    curl_setopt($ch, CURLOPT_POSTFIELDS, "xml=" . $xml);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    try
    {
        $result = curl_exec($ch);
    }
    catch (Exception $e)
    {
        echo 'There was an issue querying TransUnion.  Here is the returned exception info: ',  $e->getMessage(), "\n";
    }

    if (curl_errno($ch) > 0)
    {
        $result = array('errocurl' => curl_errno($ch), 'msgcurl' => curl_error($ch));
        echo "There was an error calling Trans Union.  Here is the error info: <br>" . curl_error($ch);
    }
    curl_close($ch);
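
An added example, not part of either answer above: a bash script that runs the three extraction commands and then confirms that key.pem matches client.pem and that client.pem was issued by a certificate in ca.pem, which separates a bad extraction from a connection problem. The function names, the `P12_PASS` variable and the throwaway `demo.p12` identity are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: split a .p12 into the three PEM files and check they belong
# together. Assumes the passphrase is exported as P12_PASS (hypothetical name).

# Build a throwaway CA + client identity as demo.p12 (constructed test input).
make_demo_p12() {   # $1 = work dir
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo CA" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout cl.key -out cl.csr \
      -subj "/CN=demo-client" 2>/dev/null &&
    openssl x509 -req -in cl.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -out cl.crt -days 1 2>/dev/null &&
    openssl pkcs12 -export -inkey cl.key -in cl.crt -certfile ca.crt \
      -out demo.p12 -passout env:P12_PASS )
}

# The three extraction commands from the answer; the passphrase is read from
# the environment instead of argv, and key.pem is created owner-only.
extract_parts() {   # $1 = .p12 file; writes ca.pem, client.pem, key.pem in cwd
  openssl pkcs12 -in "$1" -passin env:P12_PASS -out ca.pem -cacerts -nokeys &&
  openssl pkcs12 -in "$1" -passin env:P12_PASS -out client.pem -clcerts -nokeys &&
  ( umask 077
    openssl pkcs12 -in "$1" -passin env:P12_PASS -out key.pem -nocerts -nodes )
}

# Returns 0 if consistent, 1 unreadable input, 2 key/cert mismatch,
# 3 client cert not issued by anything in the CA file.
check_parts() {   # $1 = client cert, $2 = private key, $3 = CA file
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "private key does not match client certificate" >&2; return 2; }
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
    { echo "client certificate does not chain to the CA file" >&2; return 3; }
}

run_demo() {   # end to end on the constructed bundle; prints the work dir on success
  local dir
  dir=$(mktemp -d) || return 1
  export P12_PASS="constructed-demo-passphrase"
  make_demo_p12 "$dir" &&
    ( cd "$dir" && extract_parts demo.p12 && check_parts client.pem key.pem ca.pem ) &&
    echo "$dir"
}

run_demo
```

For a real bundle, export `P12_PASS`, run `extract_parts client_systemID.p12`, then `check_parts client.pem key.pem ca.pem` before configuring cURL.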