Solved: Re: Connect to Qliksense QRS using PHP and certifi... - Qlik Community

nsm1234567 · ‎2017-09-26

Hey There,

I'm trying to connect to Qliksense QRS using the instructions here:

http://help.qlik.com/en-US/sense-developer/1.0/Subsystems/Qlik_Sense_Repository_Service_API/Content/...

I exported the certificates from the QMC and converted them using the instructions found here:

http://help.qlik.com/en-US/sense-developer/1.0/Subsystems/Qlik_Sense_Repository_Service_API/Content/...

I'm using the below code to connect, but whenever I run the code I receive the following error: cURL error (58): Problem with the local SSL certificate. Does anyone have any experience with connecting using PHP that might be able to assist with what's going wrong with this code? I'm not sure what the problem is with the certificate?

 <?php
        
               //URL of the server 
               $QRSurl = "https://server.domain.com:4242/qrs";
               //Endpoint to call (with xrfkey parameter added) 
               $endpoint = "/app?xrfkey=0123456789abcdef";
               //Location of QRS client certificate 
               $QRSCertfile = "C:\xampp\htdocs\Cubiest\Certs\client.pem";
               
               //Set up the required headers
               
               $headers = array( 'Accept: application/json', 
                                'Content-Type: application/json', 
                                'x-qlik-xrfkey: 0123456789abcdef', 
                                'X-Qlik-User: UserDirectory=directory;UserId=myuserid' );
               
               //Create Connection using Curl
               $ch = curl_init($QRSurl . $endpoint); 
               curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
               curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
               curl_setopt($ch, CURLOPT_SSLCERT, $QRSCertfile);
               curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
               curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
               //Execute and print response
               $data = curl_exec($ch); 
               echo $data;
               if ($errno = curl_errno($ch))  
                {  
                    $error_message = curl_strerror($errno);  
                    echo "cURL error ({$errno}):\n {$error_message}";  
                }  
        ?>

bknol · ‎2017-09-27

Hi Nathan,

You are referencing the version 1.0 help. In newer versions of Qlik Sense it is possible to export a certificate in PEM format in the QMC, so you don't have to convert them any longer. What version of Qlik Sense are you using?

When you export a certificate make sure to select the checkbox 'Include secret key'.

See here for documentation (September 2017) to export certificate: Exporting certificates through the QMC ‒ Qlik Sense

When you export the certificate via QMC in PEM format (and select 'Include secret key') you will get a client.pem and client_key.pem file. Try to add the client_key.pem in the cURL request (see line 26 and 27 below).

Hope this helps.

<?php
    
//URL of the server
$QRSurl = "https://server.domain.com:4242/qrs";

//Endpoint to call (with xrfkey parameter added)
$endpoint = "/app?xrfkey=0123456789abcdef";

//Location of QRS client certificate
$QRSCertfile = "C:\xampp\htdocs\Cubiest\Certs\client.pem";
$QRSCertKeyfile = "C:\xampp\htdocs\Cubiest\Certs\client_key.pem";

//Set up the required headers
$headers = array( 'Accept: application/json',
'Content-Type: application/json',
'x-qlik-xrfkey: 0123456789abcdef',
'X-Qlik-User: UserDirectory=directory;UserId=myuserid' );

//Create Connection using Curl
$ch = curl_init($QRSurl . $endpoint);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSLCERT, $QRSCertfile);

//Add client_key and set certtype to PEM
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, $QRSCertKeyfile);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

//Execute and print response
$data = curl_exec($ch);

echo $data;
if ($errno = curl_errno($ch))
{
     $error_message = curl_strerror($errno);
     echo "cURL error ({$errno}):\n {$error_message}";
}
?>

Kind regards,

Bas Knol

View solution in original post

bknol · ‎2017-09-27

Hi Nathan,

You are referencing the version 1.0 help. In newer versions of Qlik Sense it is possible to export a certificate in PEM format in the QMC, so you don't have to convert them any longer. What version of Qlik Sense are you using?

When you export a certificate make sure to select the checkbox 'Include secret key'.

See here for documentation (September 2017) to export certificate: Exporting certificates through the QMC ‒ Qlik Sense

When you export the certificate via QMC in PEM format (and select 'Include secret key') you will get a client.pem and client_key.pem file. Try to add the client_key.pem in the cURL request (see line 26 and 27 below).

Hope this helps.

<?php
    
//URL of the server
$QRSurl = "https://server.domain.com:4242/qrs";

//Endpoint to call (with xrfkey parameter added)
$endpoint = "/app?xrfkey=0123456789abcdef";

//Location of QRS client certificate
$QRSCertfile = "C:\xampp\htdocs\Cubiest\Certs\client.pem";
$QRSCertKeyfile = "C:\xampp\htdocs\Cubiest\Certs\client_key.pem";

//Set up the required headers
$headers = array( 'Accept: application/json',
'Content-Type: application/json',
'x-qlik-xrfkey: 0123456789abcdef',
'X-Qlik-User: UserDirectory=directory;UserId=myuserid' );

//Create Connection using Curl
$ch = curl_init($QRSurl . $endpoint);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSLCERT, $QRSCertfile);

//Add client_key and set certtype to PEM
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, $QRSCertKeyfile);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

//Execute and print response
$data = curl_exec($ch);

echo $data;
if ($errno = curl_errno($ch))
{
     $error_message = curl_strerror($errno);
     echo "cURL error ({$errno}):\n {$error_message}";
}
?>

Kind regards,

Bas Knol

nsm1234567 · ‎2017-09-29

Hi Bas,

Thanks for the response. I made the changes that you suggested, unfortunately, my issue wasn't resolved. Strangely, if I run the below curl request from the command line, it returns:

{"buildVersion":"12.16.1.0","buildDate":"9/20/2013 10:09:00 AM","databaseProvide

r":"Devart.Data.PostgreSql","nodeType":1,"sharedPersistence":false,"requiresBoot

strap":false,"schemaPath":"About"}

c:\curl\curl.exe --header "Accept: application/json" --header "Content-Type: application/json" --header "x-qlik-xrfkey: 0123456789abcdef" --header "X-Qlik-User: UserDirectory=directory;UserId=username" --key C:\xampp\htdocs\Cubiest\Certs\client_key.pem --insecure --cert-type pem --cert C:\xampp\htdocs\Cubiest\Certs\client.pem "https://myurl:4242/qrs/about?xrfkey=0123456789abcdef"

But when I try to code for this in php, it returns that there's a problem with the local certificate. I tried fiddling with the proxy settings as well, but that didn't change anything.

 //Location of QRS client certificate  
  $QRSCertfile = "C:\xampp\htdocs\Cubiest\Certs\client.pem";  
  $QRSCertKeyfile = "C:\xampp\htdocs\Cubiest\Certs\client_key.pem"; 

   //Set up the required headers  
  $headers = array();
  $headers[] = "Accept: application/json";
  $headers[] = "Content-Type: application/json";
  $headers[] = "X-Qlik-Xrfkey: 0123456789abcdef";
  $headers[] = "X-Qlik-User: UserDirectory=directory;UserId=username";

   //Create Connection using Curl  
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, "https://myurl:4242/qrs/about?xrfkey=0123456789abcdef");
  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);  
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
  curl_setopt($ch, CURLOPT_SSLKEY, $QRSCertKeyfile);
  curl_setopt($ch, CURLOPT_SSLCERTTYPE, "PEM");
  curl_setopt($ch, CURLOPT_SSLCERT, $QRSCertfile);   
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);  
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);  

   //Execute and print response  
  $data = curl_exec($ch);  
  $information = curl_getinfo($ch);

  echo $data;  

  $error_message = curl_strerror(curl_errno($ch));  
  echo "cURL error (58):\n {$error_message}";

nsm1234567 · ‎2017-09-29

I figured this last part out! It turns out the application wasn't happy with the relative paths to the certificates. Changing as I've done below returns the correct result

//Create Connection using Curl  
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL, "https://myurl/qrs/about?xrfkey=0123456789abcdef");
                curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 0);
                curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                curl_setopt($ch, CURLOPT_PROXY, $proxy);
                curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);  
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_VERBOSE, 1);
                curl_setopt($ch, CURLOPT_CERTINFO, 1);
                curl_setopt($ch, CURLOPT_SSLKEY, __DIR__."/Certs/client_key.pem");
                curl_setopt($ch, CURLOPT_SSLCERTTYPE, "PEM");
                curl_setopt($ch, CURLOPT_SSLCERT, __DIR__."/Certs/client.pem");  
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);  
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

Connect to Qliksense QRS using PHP and certificates