doudi4014 2017-04-25 14:03

403 Forbidden - The page requires a client certificate as part of the authentication process

I am in the process of implementing a SOAP client in PHP. I have received a .pfx certificate from the remote company implementing the SOAP service.

When I import this .pfx in Chrome and open the WSDL file at: https://api.test.remote.company.com/O/OMS.svc?singlewsdl, I get an XML file indeed.

Since I need to use .pem certificates for PHP's SoapClient, I have converted the .pfx with the following:

openssl pkcs12 -in received.pfx -out converted.pem -clcerts

Since I was still facing issues with my client, I resorted to performing a test with curl:

curl --verbose --cert converted.pem:MyPassphrase https://api.test.remote.company.com/O/OMS.svc?singlewsdl

But I get a 403 error message:

*   Trying 123.4.56.789...
* Connected to api.test.remote.company.com (123.4.56.789) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_CBC_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: test.api.company.com (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: C=RU,ST=Moscow,L=Moscow,O=AO Company Lab,OU=IT,CN=test.api.company.com
*    start date: Tue, 31 May 2016 00:00:00 GMT
*    expire date: Thu, 08 Jun 2017 23:59:59 GMT
*    issuer: C=US,O=thawte\, Inc.,CN=thawte SSL CA - G2
*    compression: NULL
* ALPN, server did not agree to a protocol
> GET /O/OMS.svc?singlewsdl HTTP/1.1
> Host: api.test.remote.company.com
> User-Agent: curl/7.50.1
> Accept: */*
> 
< HTTP/1.1 403 Forbidden ( The page requires a client certificate as part of the authentication process. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate. Otherwise, contact your server administrator.  )
< Connection: close
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
...

Does anyone know what is happening and how it can be solved?

1 answer

  • dongxin991209 2017-05-12 14:45

    The following procedure to convert the .pfx certificate to .pem solved the issue:

    openssl pkcs12 -in the.pfx -out cert.pem -clcerts -nokeys
    
    openssl pkcs12 -in the.pfx -out key.pem -nocerts
    

    Then merge the cert.pem and key.pem files into a unique file, without any addition.

    This answer was selected by the asker as the best answer.
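The accepted answer's procedure as a script, with a check that the private key in the merged file belongs to the certificate in it. This is an added example, not part of the original answer; the function names and the `PFX_PASS`/`KEY_PASS` environment variables (import passphrase and new key passphrase) are assumptions, and the throwaway .pfx is constructed for offline testing.

```shell
#!/bin/sh
# Added example (not from the original post). Passphrases are read from the
# exported variables PFX_PASS and KEY_PASS so they stay out of the process list.

# Build a constructed, self-signed PKCS#12 at path $1 for trying this offline.
make_constructed_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
        -passout env:PFX_PASS -out "$1"
}

# split_pfx PFX OUT: the answer's two extractions followed by the plain merge.
#   1) -clcerts -nokeys : client certificate only (no CA certs, no key)
#   2) -nocerts         : private key only, re-encrypted under KEY_PASS
#   3) merge            : certificate first, key second, owner-readable only
split_pfx() {
    pfx=$1; out=$2
    tmp=$(mktemp -d) || return 1
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
        -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts \
        -passout env:KEY_PASS -out "$tmp/key.pem" 2>/dev/null &&
    ( umask 077; cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# pem_key_matches_cert PEM: succeeds only when the public key derived from the
# private key in PEM is identical to the public key inside the certificate.
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: PFX_PASS=... KEY_PASS=... sh split_pfx.sh the.pfx client.pem
if [ "$#" -eq 2 ]; then
    split_pfx "$1" "$2" && pem_key_matches_cert "$2" &&
        echo "wrote $2: certificate and private key match"
fi
```

The merged file is then what curl's `--cert client.pem:passphrase` expects, with `KEY_PASS` as the passphrase.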
