How to make certificate in OpenSSL to work with php?

Recently i decided to add banklink payment option for my php store and after reading specifications of implementation everything seems okey, but the 1 point of it. All public key(certificates) exchange are in X509 format. Now what does that last one mean and how it's different from regular password protected .pem file? Also with regular password protected .pem f开发者_如何学Goile i cannot use php function like openssl_verify() signed by openssl_sign() function.

Could i get some advice here please since the bank that offering this payment method has very little information on this and im totally newb to this.

So the routine i need to do here is generate request.pem for them and send it to them. After that they will sign it or whatever i dunno and i should be able to use it in my application.

Please, tell me if my information is not enough because as i told i don't know much when in comes to certificates or openssl.

PEM file contains encrypted and base64-encoded 'raw' certificate/private key value, so functions that work with PEM should also work with raw certificates. OpenSSL should be able to convert from one format to another.

You have to use curl concept.

curl_setopt($ch, CURLOPT_SSLCERT,'CA.pem');

Honestly, the OpenSSL capabilities in PHP are abysmal. Your best bet is to go for an awesome package like phpseclib.

long time ago i was doing something similar. The difference is they just gave me the pem file, and i used it to connect to their server.

Below I wrote my guiessing for you. :)

1. Generate myreq.pem using openssl tool.
2. Send myreq.pem to them and get signed certificate ca.pem.
3. Use ca.pem in PHP like below.

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'verify_peer', false); //or can be true
stream_context_set_option($context, 'ssl', 'cafile', "ca.pem");
stream_context_set_option($context, 'ssl', 'local_cert', "ca.pem");
stream_context_set_option($context, 'ssl', 'passphrase', 'your pem file password');
//instead tls can be ssl, sslv3, sslv2 depending requirements, 10 is timeout
$sock = stream_socket_client("tls://host:port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $context); 
fwrite($sock, "Hi server\r\n");
$strResponse;
while(!feof($sock)) { $strResponse = $strResponse . fgets($sock, 1024); }
fclose($s);
echo $strResponse;