Message history about ssl in pix

SHOWING RECENT CONVERSATIONS:

Text: ssl
Channel: pix

rubenskuhl

GN's example for Nginx restricts mTLS to a single path:
server {
    #
    # ...
    #
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate server_ssl.crt.pem;
    ssl_certificate_key server_ssl.key.pem;
    ssl_client_certificate /root/chain-pix-webhooks-prod.crt;
    ssl_verify_client optional;
    ssl_verify_depth 3;
    #
    # ...
    #
    location /webhook {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        rewrite ^(.*)$ /webhook;
    }
}

fpsgoapp

Thanks for the reply, Rubens. We noticed that in the documentation, but our environment shares a different SSL certificate

roguitar88

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api-pix-h.gerencianet.com.br/oauth/token');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
$pem=realpath("/etc/certs-gerencianet/olimppiuspix.crt.pem");
if (!$pem || !is_readable($pem)) {
    die("olimppiuspix.crt.pem is not readable! realpath: \"{$pem}\" - working dir: \"".getcwd()."\" effective user: ".print_r(posix_getpwuid(posix_geteuid()),true));
}
curl_setopt($ch, CURLOPT_SSLCERT, $pem);

roguitar88

Fatal error: Uncaught Error: cURL error 58: could not load PEM client certificate, OpenSSL error error:0200100D:system library:fopen:Permission denied, (no key found, wrong pass phrase, or wrong file format?) (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) in /var/www/html/olimppius/src/Classes/ClassOrder.php:889 Stack trace: #0 /var/www/html/olimppius/app/Controller/ControllerPix.php(20): Src\Classes\ClassOrder->hirePlan() #1 /var/www/html/olimppius/app/Dispatch.php(44): App\Controller\ControllerPix->__construct() #2 /var/www/html/olimppius/app/Dispatch.php(36): App\Dispatch->addController() #3 /var/www/html/olimppius/public/index.php(7): App\Dispatch->__construct() #4 {main} thrown in /var/www/html/olimppius/src/Classes/ClassOrder.php on line 889

roguitar88

$config = [
    "certificado" => "/etc/certs-gerencianet/olimppiuspix.crt.pem",
    "client_id" => $this->clientId,
    "client_secret" => $this->clientSecret
];
$autorizacao = base64_encode($config["client_id"] . ":" . $config["client_secret"]);

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => "https://api-pix-h.gerencianet.com.br/oauth/token", // Base route, sandbox (homologação) or production
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => '{"grant_type": "client_credentials"}',
    CURLOPT_SSLCERT => $config["certificado"], // Certificate path
    CURLOPT_SSLCERTPASSWD => "",
    CURLOPT_HTTPHEADER => array(
        "Authorization: Basic $autorizacao",
        "Content-Type: application/json"
    ),
));

$response = curl_exec($curl);

curl_close($curl);

echo "

";
echo $response; //print_r($response);
echo "
";
// echo "What is going on";

elsonlima0580

So this model isn't enough, then?
$config = [
    "certificado" => "./certificado.pem",
    "client_id" => "YOUR-CLIENT-ID",
    "client_secret" => "YOUR-CLIENT-SECRET"
];
$autorizacao = base64_encode($config["client_id"] . ":" . $config["client_secret"]);

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => "https://api-pix-h.gerencianet.com.br/oauth/token", // Base route, sandbox (homologação) or production
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => '{"grant_type": "client_credentials"}',
    CURLOPT_SSLCERT => $config["certificado"], // Certificate path
    CURLOPT_SSLCERTPASSWD => "",
    CURLOPT_HTTPHEADER => array(
        "Authorization: Basic $autorizacao",
        "Content-Type: application/json"
    ),
));

$response = curl_exec($curl);

curl_close($curl);

echo "

";
echo $response;
echo "
";

guilherme_efi

Try placing the SSLCACertificateFile /etc/ssl/certs/chain-pix-prod.crt line outside the

ro.dri.go.sil.va

Your SSL library does not have support for per-directory CA

ro.dri.go.sil.va

I can't restart Apache with this configuration
:443>

Options Indexes FollowSymLinks
AllowOverride All
Require all granted

ServerAdmin [email protected]
ServerName pix.meudominio.com.br
DocumentRoot /var/www/pix
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =pix.meudominio.com.br
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/pix.meudominio.com.br/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pix.meudominio.com.br/privkey.pem

SSLVerifyClient require
SSLVerifyDepth 3
SSLCACertificateFile /etc/ssl/certs/chain-pix-prod.crt


rubenskuhl

In Apache I thought it was Directory, but it really is Location:

## If you prefer to keep only one route of your URL for notifications, you can add:

SSLVerifyClient none

SSLVerifyClient require
SSLVerifyDepth 3

ro.dri.go.sil.va

I added it and now the page gives the error ERR_BAD_SSL_CLIENT_AUTH_CERT

ezequielsp

You have to add it in the conf file meudominio-le-ssl.conf

SSLVerifyClient require
SSLCACertificateFile "/etc/ssl/certs/chain-pix-prod.crt"
SSLVerifyDepth 3

ro.dri.go.sil.va

:80>

Options Indexes FollowSymLinks
AllowOverride All
Require all granted

ServerAdmin [email protected]
ServerName pix.meudominio.com.br
DocumentRoot /var/www/pix
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =pix.meudominio.com.br
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/pix.meudominio.com.br/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pix.meudominio.com.br/privkey.pem
SSLVerifyClient require
SSLVerifyDepth 3
SSLCACertificateFile /etc/ssl/certs/chain-pix-prod.crt

rubenskuhl

Also from <@!781928420757864468>:
// working model
public void GerarTokenGN(string client_id, string client_secret)
{
    // forces the use of the TLS protocol, in case the default protocol is SSL or another protocol
    //ServicePointManager.Expect100Continue = true;
    //ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

    X509Certificate2 uidCert = new X509Certificate2("NOME_DO_CERTIFICADO.p12", "");
    var client = new RestSharp.RestClient("https://api-pix-h.gerencianet.com.br/oauth/token");
    client.ClientCertificates = new X509CertificateCollection() { uidCert };
    var request = new RestRequest(Method.POST);
    request.AddHeader("Authorization", "Basic " + System.Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", client_id, client_secret))));
    request.AddHeader("Content-Type", "application/json");
    request.AddParameter("application/json", "{\"grant_type\":\"client_credentials\",\"client_id\":\"" + client_id + "\",\"client_secret\":\"" + client_secret + "\"}", ParameterType.RequestBody);
    IRestResponse restResponse = client.Execute(request);
    string response = restResponse.Content;

    Console.WriteLine(response);
}

brunodelara

Apache error "SSL routines:SSL_verify_client_post_handshake:extension not received"

Deleted User

In PHP, use openssl_pkcs12_read

guilherme_eyhe3189

I went to convert the certificate using openssl.exe and it asked me for a certificate password

Deleted User

openssl.exe