12

我无法使用 cURL 通过 php 连接到 TransUnion 的测试 API。请让我知道是否有人已经这样做了。我已经准备好要发送给他们的 XML 文件,我只是不知道问题出在哪里,因为我从他们那里收到了一个包含证书和密钥的 .p12 文件,但它仍然没有让我连接。我尝试了以下方法:

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    curl_setopt($ch, CURLOPT_SSLCERT, getcwd().'/certs/cert.pem');
    curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'test_pass');
    curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
    curl_setopt($ch, CURLOPT_SSLKEY, getcwd().'/certs/key.pem');
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'test_pass');

然后我尝试通过我的mac上的终端连接:

curl -cert /Users/temp_user/cert.pem   -key /Users/temp_user/key.pem https://netaccess-test.transunion.com

有人可以让我知道我做错了什么。谢谢。

4

2 回答 2

5

我知道这是一篇较旧的帖子,但由于我在尝试找出与 TransUnion 的连接问题时遇到了它,我想我会发布我所做的以使其正常工作,以防其他人仍然需要帮助。

我与 TransUnion 支持团队合作,将我所拥有的和他们所拥有的信息结合起来,我能够得到一个可行的解决方案。

我发现的最大问题是到处都是关于如何转换证书的说明。

使用以下命令转换证书,以获得用于连接的所需部分。是的,你需要 3 个,大多数答案一直说只得到 2 个,但你需要全部 3 个:

将证书转换为客户端的三种不同证书,私钥和证书颁发机构证书。

openssl pkcs12 -in client_systemID.p12 -out ca.pem -cacerts -nokeys //将CA证书从.p12文件输出到ca.pem

openssl pkcs12 -in client_systemID.p12 -out client.pem -clcerts -nokeys //将客户端证书从.p12文件输出到client.pem

openssl pkcs12 -in client_systemID.p12 -out key.pem -nocerts -nodes //将私钥从.p12输出到key.pem

然后你可以开始设置你的代码:

$keyFile = "key.pem";
$caFile = "ca.pem";
$certFile = "client.pem";
$certPass = $_ENV['TUNASSLPass']; //I am storing the passphrase in an Env variable
$URL = "https://netaccess-test.transunion.com";
$data = "<tuna-request-data>"; //need to set this to append to the URL
$xml = "<?xml version='1.0' encoding='UTF-8'?><creditBureau xmlns='http://www.transunion.com/namespace' xsi:schemaLocation='http://www.transunion.com/namespace creditBureau.xsd' xmlns:xsi='http://www.w3.org/3001/XMLSchema-instance'>{The rest of your XML}</creditBureau>";

// Initialise cURL
$ch = curl_init($actualUrl);

// The -d option is equivalent to CURLOPT_POSTFIELDS. But...
// PHP's libcurl interface does not implement the -G flag - instead you would
// append $data to $url like this:
$actualUrl = $URL.'?'.$data;
curl_setopt($ch, CURLOPT_URL, $actualUrl);

// The -v flag only makes sense at the command line, but it can be enabled
// with CURLOPT_VERBOSE - in this case the information will be written to
// STDERR, or the file specified by CURLOPT_STDERR. I will ignore this for
// now, but if you would like a demonstration let me know.

// The --key option - If your key file has a password, you will need to set
// this with CURLOPT_SSLKEYPASSWD
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);

// The --cacert option
curl_setopt($ch, CURLOPT_CAINFO, $caFile);

// The --cert option
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POSTFIELDS, "xml=" . $xml);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
try
{
    $result = curl_exec($ch);
}
catch (Exception $e) 
{
    echo 'There was an issue querying TransUnion.  Here is the returned exception info: ',  $e->getMessage(), "\n";
}

if (curl_errno($ch) > 0)
{
    $result = array('errocurl' => curl_errno($ch), 'msgcurl' => curl_error($ch));
    echo "There was an error calling Trans Union.  Here is the error info: <br>" . curl_error($ch);
}
curl_close($ch);
于 2020-01-19T23:46:14.497 回答
1

确保从 p12 文件中正确提取证书,如下所示:

提取 CA 证书:

openssl pkcs12 -in NAME_OF_P12_FILE.p12 -cacerts -nokeys -out NAME_OF_PEM_FILE_TO_CREATE.pem

提取个人证书:

openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nokeys -out NAME_OF_PEM_FILE_TO_CREATE.pem

要提取私钥:

使用密码:openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nocerts -out NAME_OF_PEM_FILE_TO_CREATE.pem

没有密码:openssl pkcs12 -in NAME_OF_P12_FILE.p12 -clcerts -nocerts -nodes -out NAME_OF_PEM_FILE_TO_CREATE.pem

于 2013-05-25T16:12:03.107 回答