tags:

views:

768

answers:

3
Q: 

Encrypted web services connections and pk12 certificates

I need to make some code to talk to a SOAP web service. Unfortunately I'm unable to get a connection to the service as it requires a SSL connection encrypted with a special certificate. I've been given a pk12 certificate which when installed into my keychain allows me to access the SOAP service manually via Safari, but I'm unable to get a connection from the Cocoa web services stuff :( Does anybody have any ideas on what I might have to do to get this to work?

A: 

I've hit similar problems. Is this a self-signed certificate? If so, you may find all you need to do is alter the trust settings on this certificate.

There is another workaround, where you say that this site should ignore trust settings, but this leaves you open to man-in-the-middle attacks. There is another thread on SO about this topic:

Objective-C/Cocoa How do I accept a bad server certificate?

Matthew Schinckel  2008-12-08 03:48:41
I've already set the trust settings on the certificate to "Always Trust" but that didn't seem to help me. It is almost as though the WS functions are not looking at the keychain :(
Daniel  2008-12-08 19:53:05
Yep, I hit this problem too. I had to use the technique in the linked post, with a slight addition - I needed to do an NSURLRequest first before I did my WS stuff.Then it worked as expected.
Matthew Schinckel  2008-12-11 02:59:29
I wasn't able to get the WSInvocation stuff to work, and in the end I had to build the SOAP envelope and perform a HTTP post manually, but Matthew pointed me in the right direction.
Daniel  2008-12-31 01:59:56
A: 

Typically, you must present the certificate as part of your code. For instance, in C#, you need to specify the certificate like this:

using System.Security.Cryptography.X509Certificates;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //some code creating your soap client

        string cert_file = "C:\\prf_res.pem"; //You'll probably use the PEM format here, not the .p12 format
        X509Certificate cert = new X509Certificate(cert_file);
        soap_client.ClientCertificates.Add(cert);

        //now you're set!

In PHP, it would be:

   $cert = "myCert.pem"; //notice it's in PEM format. 

   $client = new SoapClient($wsdl, array('local_cert' => $cert));

To make a PEM file out of a .p12, you can use:

OpenSSL> pkcs12 -in myCert.p12 -out myCert.pem -nodes -clcerts

Nick R.  2008-12-15 01:19:12
A: 

http://roman.tao.at/dev/php/php-soapclient-over-https-with-pkcs12-p12-certificates/

catalin  2010-10-22 15:28:32

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords