Menu
Summary:
Is there a way to force the built in SoapClient-class in PHP to connect over HTTPS to a server with an invalid certificate?
Why would I want to do that?
I have deployed a new application on a server that has no DNS entry or certificate yet. I want to try connecting to it with a SoapClient before setting up the DNS entry and fixing the certificate, and the most reasonable way to do this seems to be to just make the client ignore the certificate during testing.
Don't I realise that this is a huge security risk?
This is only for testing. When the service goes into production, there will be a valid certificate in place, and the client will be forced to validate it.
460
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section. In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0.
Close any open instance of SoapUI. Uninstall the AppScan SSL Certificate by clicking Tools > Options > Recording Proxy tab > Remove. Note: Ignore the warning that appears.
SoapClient takes a stream context in its parameters, which you can create yourself. That way you can control almost every aspect of the transport layer:
$context = stream_context_create([ 'ssl' => [ // set some SSL/TLS specific options 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ] ]); $client = new SoapClient(null, [ 'location' => 'https://...', 'uri' => '...', 'stream_context' => $context ]); Documentation:
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
