I am trying to connect with a SOAP Service which requires Mutual SSL Authentication.
We created a self-signed certificate and transferred it to the service operator for them to verify our connections. Likewise, they sent us a copy of their ssl certificate.
I have been able to successfully connect to an get the expected SOAP response from the service by using openssl s_client and manually entering the HTTP request, headers and SOAP content.
I use the parameters similar to the following to make the successful connection:
openssl s_client -connect example.com:443 -key my_key.pem -cert my_cert.pem -pass file:my_passphrase
- my_key.pem is the filename of my private key
- my_cert.pem is the filename of the self-signed certificate forwarded to the service operator.
- my_passphrase contains the passphrase for the private key.
I am now trying to access the same service using gSOAP and its C bindings. I followed the documentation at http://www.cs.fsu.edu/~engelen/soapdoc2.html to create binding from the service WSDL and added a call to soap_ssl_client_context() to set up the SSL connection, but I’m running into a problem.
I presumed that I should use the path to my_key.pem as the keyfile parameter, but using gdb, I can see that it is the call to SSL_CTX_use_certificate_chain_file() which is failing.
gSOAP passes the keyfile parameter as the file argument to this call.
Any help is much appreciated.
The solution is that gSOAP expects the certificate and key to be in the same file.
From SSL Certificates and Key Files in the gSOAP documentation:
You can achieve this by concatenating the two files together. This is simple using the Unix tool
cat. At your shell prompt, and using the same file names as in the question:Where
my_certkey.pemis the output file. Now, you can use the path tomy_certkey.pemas the keyfile parameter in the call tosoap_ssl_client_context().Tools like
openssl s_clientandcurlwill understand the concatenated key-cert file as argument to the-certoptions and use both the key and cert from there.