[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [BULK] Re: HTTPAPI sending a certificate.
Scott,
After being on the phone with the banks credit card processing company
basically all day, it turns out they "refuse" to send us a "valid"
client certificate and state that if we wouldn't use RPG it would work
just fine. They want me to use PHP or Java to pick up the file stored
in a folder "as is".
The PHP example is $cert = "/path/1234567890.pem";
Therefore, would it be possible for this to work?
https_init(/www/folder/htdocs/InvalidCertificate)
Oh yeah, the funny thing after talking to a manager, they know the
certificate is not valid but we have to have it to communicate with
them.
What a day, thanks for your help.
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: Friday, September 25, 2009 4:26 PM
To: HTTPAPI and FTPAPI Projects
Subject: [BULK] Re: HTTPAPI sending a certificate.
Importance: Low
Hi Jason,
Are you sure this PEM file has anything to do with the problem? Your
computer appears to be successfully establishing an SSL session with the
HTTP server, and therefore, I'm not sure that the error has anything
to do with SSL.
However, if you do decide that you need to add a certificate, you'd do
that through the OS/400 Digital Certificate Manager (DCM). You'd need
to set up an application profile for your program. So you'd go under
"Manage Applications" in the DCM and add a new client application named
"JASONBAKER_MYPGM" (or whatever name you like.)
Then you'd install your certificate into the DCM, and list it as a
client certificate for the application you just created.
Then in HTTPAPI, you'd insert a line (it has to be before the frist time
you use SSL) that says https_init('JASONBAKER_MYPGM') to tell it which
profile to use from the DCM.
Jason Baker wrote:
> Hello,
>
>
> I am trying to get HTTPAPI working instead of using PHP that
LinkPoint
> or YourPay sent me as an example. This "snip" example is below.
>
>
> What appears to be the problem is the certificate. It appears that
> the "curl" statement, puts the "PEM" file in a string and sends it
> when calling the curl_exec ($ch). By using the Http_Url_Post_Xml
> statement I don't see a way of "attaching" this "PEM" file.
>
>
> Below is what I am using so far with returned errors related to the
> "PEM" file. This is based on talking with the Link Point support
> people and getting documentation on Error SGS-020006 in their
returned
> xml document.
>
>
> My HTTPAPI_Debug log is below.
>
>
> My question; is there a way to "attach/append/use" a "PEM" file
with
> HTTPAPI?
>
>
>
> Thanks.
>
>
>
> ****(What I am currently using)
>
> RC = http_url_post_xml('https://208.72.248.108:1129/LSGSXML'
>
> : %addr(XMLSend)+2
>
> : %len(XMLSend)
>
> : %paddr(StartOfElement)
>
> : %paddr(EndOfElement)
>
> : *NULL );
>
>
> ****(Snip PHP using CURL)
>
> $xml = file_get_contents('/path/xmlfile.xml');
>
> $host = "208.72.248.108";
>
> $port = 1129;
>
> $cert = "/path/1234567890.pem"; # change this to the name and
> location of your certificate file.
>
>
> $hoststring = "https://".$host.":".$port."/LSGSXML";;
>
>
> # use PHP built-in curl functions
>
> $ch = curl_init ();
>
> curl_setopt ($ch, CURLOPT_URL,$hoststring);
>
> curl_setopt ($ch, CURLOPT_POST, 1);
>
> curl_setopt ($ch, CURLOPT_POSTFIELDS, $xml);
>
> curl_setopt ($ch, CURLOPT_SSLCERT, $cert);
>
> curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
>
> curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
>
> curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
>
>
> # send the string to LSGS
>
> $result = curl_exec ($ch);
>
>
> ***(Error SGS-020006: Please contact merchant services.)
>
> * Verify first that the correct store number is entered.
This
> error normally occurs when contact information is updated with your
> merchant bank. For example if the business phone number or address
was
> recently updated. You will need to contact LinkPoint/Yourpay
support
> and they will need to generate a new PEM file for your account. You
> will then need to download the new file and either upload it to
your
> web site or copy/paste it into your shopping cart.
>
>
> ***(HTTPAPI_Debug)
>
> HTTPAPI Ver 1.23 released 2008-04-24
>
> OS/400 Ver V6R1M0
>
>
> New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
> ProtLoc=0
>
> http_persist_open(): entered
>
> http_long_ParseURL(): entered
>
> DNS resolver retrans: 2
>
> DNS resolver retry : 2
>
> DNS resolver options: x'00000136'
>
> DNS default domain: domain.local
>
> DNS server found: 10.73.0.1
>
> DNS server found: 10.73.0.6
>
> https_init(): entered
>
>
----------------------------------------------------------------------
> ---------------
>
> Dump of local-side certificate information:
>
>
----------------------------------------------------------------------
> ---------------
>
>
----------------------------------------------------------------------
> ---------------
>
> Dump of server-side certificate information:
>
>
----------------------------------------------------------------------
> ---------------
>
> Cert Validation Code = 6000
>
> -----BEGIN CERTIFICATE-----
>
> ****Certificate Stuff - Commented out****
>
> -----END CERTIFICATE-----
>
> Serial Number: 0E
>
> Common Name: dev.linkpoint.com
>
> Country: US
>
> State/Province: California
>
> Locality: Moorpark
>
> Org Unit: LinkPoint International
>
> Org: Internet Solutions Team
>
> Issuer CN: www.linkpoint.com
>
> Issuer Country: US
>
> Issuer State/Province: California
>
> Issuer Locality: Malibu
>
> Issuer Org: LinkPoint International
>
> Issuer Org Unit: Internet Solutions Team
>
> Version: 01
>
> not before: 20030612164304
>
> not after: 20130609164304
>
> pub key alg: 1.2.840.113549.1.1.4
>
>
> Protocol Used: TLS Version 1
>
> http_persist_post(): entered
>
> http_long_ParseURL(): entered
>
> do_post(): entered
>
> POST /LSGSXML HTTP/1.1
>
> Host: 208.72.248.108:1129
>
> User-Agent: http-api/1.23
>
> Content-Type: text/xml
>
> Expect: 100-continue
>
> Content-Length: 536
>
>
>
> recvresp(): entered
>
> SetError() #43: CommSSL_Read: time-out!
>
> senddoc(): entered
>
>
<order><merchantinfo><configfile>1909166064</configfile></merchantinfo
>
><orderoptions><ordertype>SALE</ordertype></orderoptions><payment><cha
>
rgetotal>59.95</chargetotal></payment><creditcard><cardnumber>40055500
>
00000019</cardnumber><cardexpmonth>08</cardexpmonth><cardexpyear>14</c
>
ardexpyear><cvmvalue>709</cvmvalue></creditcard><billing><address1>112
> 5 Spencerville
>
Rd.</address1><state>OH</state><zip>45833</zip><phone>4195551212</phon
>
e><addrnum>1125</addrnum></billing><transactiondetails><oid>111999</oi
> d></transactiondetails></order>
>
> recvresp(): entered
>
> HTTP/1.1 200 OK
>
> Content-Length: 291
>
>
>
> SetError() #13: HTTP/1.1 200 OK
>
> recvdoc parms: identity 291
>
> header_load_cookies() entered
>
> recvdoc(): entered
>
> SetError() #0:
>
> <r_csp></r_csp><r_time></r_time><r_ref></r_ref><r_error>SGS-020006:
> Please contact merchant
>
services.</r_error><r_ordernum></r_ordernum><r_message></r_message><r_
>
code></r_code><r_tdate></r_tdate><r_score></r_score><r_authresponse></
> r_authresponse><r_approved></r_approved><r_avs></r_avs>
>
>
>
> http_close(): entered
>
> SetError() #66: XML parse failed at line 1, col 15: junk after
> document element
>
>
>
>
------------------------------------------------------------------------
>
>
-----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
>
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------