October 7th, 2008Test your SSL SOAP Client with an Online Service
WSF/PHP Demo Site services can be accessed via https (Secured HTTP) transport. For an example you can access the echo service via https from https://2ec2.wso2.org/samples/echo_service.php endpoint. This can be used to identify whether you WSF/PHP instance is built with SSL enabled. (Note that from WSF/PHP 2.0.0 onwards, You have SSL enabled by default both in Linux and Windows, so for newer releases you don’t need explicitly set that when compiling).
Here is a sample client I used to connect to the https service. The only thing new from the traditional echo client is it has specified “CACert” option and the URL is pointing to a https service.
<?php $requestPayloadString = <<<XML <ns1:echoString xmlns:ns1="http://wso2.org/wsfphp/samples"><text>Hello World!</text></ns1:echoString> XML; try { $client = new WSClient(array( "to" => "https://2ec2.wso2.org/samples/echo_service.php", "CACert" => "./resources/cacert.pem")); $responseMessage = $client->request( $requestPayloadString ); printf("Response = %s <br>", htmlspecialchars($responseMessage->str)); } catch (Exception $e) { if ($e instanceof WSFault) { printf("Soap Fault: %s\\n", $e->Reason); } else { printf("Message = %s\\n",$e->getMessage()); } } ?>
November 10th, 2008 at 10:47 am
Dimuthu,
Is it possible for a client to access a webservice over https without supplying a certificate?
November 10th, 2008 at 11:57 am
Hi Davidas,
With WSF/PHP you can’t.
Anyway it is client’s responsibility to validate the server certificate. So you may able to use some other libraries to ignore the server certificate.
But whole point of providing a service in https is to let us validate the server. So why don’t we skip that part?, specially when it is really easy to do that.
Thanks
Dimuthu