403 Forbidden - The page requires a client certificate as part of the authentication process

I'm implementing a SOAP client in PHP. I have received a .pfx certificate from the remote company that implements the SOAP service.

When I import this .pfx into Chrome and open the WSDL file at https://api.test.remote.company.com/O/OMS.svc?singlewsdl, I do get an XML file.

Since I need a .pem certificate for PHP's SoapClient, I converted the .pfx as follows:

openssl pkcs12 -in received.pfx -out converted.pem -clcerts

Since my client still had problems, I tested with curl:

curl --verbose --cert converted.pem:MyPassphrase https://api.test.remote.company.com/O/OMS.svc?singlewsdl

But I get a 403 error message:

*   Trying 123.4.56.789...
* Connected to api.test.remote.company.com (123.4.56.789) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: test.api.company.com (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: C=RU,ST=Moscow,L=Moscow,O=AO Company Lab,OU=IT,CN=test.api.company.com
*    start date: Tue, 31 May 2016 00:00:00 GMT
*    expire date: Thu, 08 Jun 2017 23:59:59 GMT
*    issuer: C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
*    compression: NULL
* ALPN, server did not agree to a protocol
> GET /O/OMS.svc?singlewsdl HTTP/1.1
> Host: api.test.remote.company.com
> User-Agent: curl/7.50.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden ( The page requires a client certificate as part of the authentication process. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate. Otherwise, contact your server administrator.  )
< Connection: close
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
...

Does anyone know what is going on and how to fix it?

The following procedure for converting the .pfx certificate to .pem solved the problem:

openssl pkcs12 -in the.pfx -out cert.pem -clcerts -nokeys

openssl pkcs12 -in the.pfx -out key.pem -nocerts

Then merge the cert.pem and key.pem files into a single file, without adding anything.
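The procedure in the answer above, as an added, runnable example (this script is not from the question or the answer). It assumes openssl is on PATH; since the vendor's received.pfx is not available, the script first constructs a throwaway PKCS#12 bundle from a self-signed certificate so it runs offline, and "MyPassphrase" plus the file names are placeholders. The last function is the check a practitioner should run before blaming the server: the combined PEM must contain exactly one certificate and one private key, and the key's RSA modulus must match the certificate's.

```sh
#!/bin/sh
# Added example, not part of the original question or answer.
# Assumptions: openssl on PATH; "MyPassphrase" and the file names are
# placeholders; the .pfx is constructed locally so the script runs offline.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PASS="MyPassphrase"

# Constructed stand-in for the vendor-issued received.pfx: a self-signed
# certificate plus its private key, packed into a PKCS#12 bundle.
make_test_pfx() {
  dir=$1; pass=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=soap-client-test" \
    -keyout "$dir/orig.key" -out "$dir/orig.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$dir/orig.key" -in "$dir/orig.crt" \
    -passout "pass:$pass" -out "$dir/received.pfx"
}

# The answer's procedure: export the client certificate and the private key
# separately, then concatenate the two files verbatim into one PEM file.
split_pfx() {
  dir=$1; pass=$2
  # -clcerts -nokeys: only the end-entity certificate, no CA chain, no key
  openssl pkcs12 -in "$dir/received.pfx" -passin "pass:$pass" \
    -clcerts -nokeys -out "$dir/cert.pem"
  # -nocerts: only the private key; it stays encrypted under the same
  # passphrase, which is what curl's --cert file:pass expects
  openssl pkcs12 -in "$dir/received.pfx" -passin "pass:$pass" \
    -nocerts -passout "pass:$pass" -out "$dir/key.pem"
  cat "$dir/cert.pem" "$dir/key.pem" > "$dir/combined.pem"
}

# Sanity check on the combined file: exactly one certificate, exactly one
# private key, and the key must belong to the certificate (same modulus).
# Returns 0 when all three hold, 1 otherwise.
check_pem() {
  pem=$1; pass=$2
  [ "$(grep -c 'BEGIN CERTIFICATE' "$pem")" -eq 1 ] || return 1
  [ "$(grep -c 'BEGIN.*PRIVATE KEY' "$pem")" -eq 1 ] || return 1
  cert_mod=$(openssl x509 -in "$pem" -noout -modulus)
  key_mod=$(openssl rsa -in "$pem" -passin "pass:$pass" -noout -modulus 2>/dev/null)
  [ "$cert_mod" = "$key_mod" ]
}

make_test_pfx "$WORK" "$PASS"
split_pfx "$WORK" "$PASS"
if check_pem "$WORK/combined.pem" "$PASS"; then
  echo "$WORK/combined.pem: certificate and key match"
else
  echo "$WORK/combined.pem: certificate/key mismatch or missing part" >&2
  exit 1
fi
# Against the real endpoint (not run here), the same file is used as:
#   curl --verbose --cert "$WORK/combined.pem:$PASS" \
#     https://api.test.remote.company.com/O/OMS.svc?singlewsdl
```

For PHP, the same combined.pem goes into SoapClient's `local_cert` option, with the key passphrase in the `passphrase` option; if `check_pem` fails on the file, the 403 from the server is expected, because no usable client certificate is being presented in the handshake.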