Curitiba WS - problem sending the certificate

Asked

Viewed 410 times

0

I am trying to carry out the communication with the WS of Curitiba (ISS Curitiba) for the sending and query of RPS lots (lots of NFS-e), but the WS always return me the error:

"E504 - Error: Service provider’s digital certificate is mandatory".

So my question is, what files should I send? The customer’s certificate (.pem or .pfx?), the public key? the private key? Someone who once had this job could help me?

I didn’t find much in the manuals and I haven’t been able to contact the support of the city.

I am using the Curl library (according to the code below):

curl_setopt($ch, CURLOPT_URL, '');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

curl_setopt($ch, CURLOPT_SSLCERT, $path.'_cert.pem'); // certificado do cliente
curl_setopt($ch, CURLOPT_SSLKEY, $path.'_priKEY.pem'); // chave privada
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_KEYPASSWD, '******'); // senha do certificado

curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

Other technical details:

Headers:

$headers = [
   'POST /Iss.NfseWebService/nfsews.asmx HTTP/1.1',
   'HOST: '.$url,
   'Content-Type: text/xml; charset=utf-8',
   'Content-Length: '.strlen($xml),
   'SOAPAction: http://www.e-governeapps2.com.br/RecepcionarLoteRps'
];

Creation of customer certificate:

// recebe o certificado pfx
openssl_pkcs12_read(file_get_contents('certificado.pfx'), $out, '******'));
// grava chave privada e o cartificado (sem a chave privada)
openssl_pkey_export_to_file($out['pkey'], $path.'_priKEY.pem');
openssl_x509_export_to_file($out['cert'], $path.'_cert.pem');
php curl openssl

1 answer

0


For someone who is still with this error, after so long I managed to make the communication work with the WS of Curitiba (ISS).

First, the certificate used must be exactly the same file imported in the ISS Curitiba platform, it cannot be the file . pfx original and yes the one generated by Internet Explorer. When exporting the certificate, it should include the private key and also all extensions.

In its application it is necessary to obtain the data of the exported certificate with the function: 

openssl_pkcs12_read();

After that, you need to save the extracted files (certificate/public key and private key) to temporary files. which will be used to send and perform authentication on WS.

To save the private key it is necessary to perform file encryption:

openssl_pkey_export(
   $certificate->privateKey,
   $privateKeyPath,
   $password
);

curl_setopt($ch, CURLOPT_SSLCERT, $path.'_cert.pem'); // certificado exportado/chave publica
curl_setopt($ch, CURLOPT_SSLKEY, $path.'_priKEY.pem'); // chave privada
curl_setopt($ch, CURLOPT_KEYPASSWD, $password); // senha da chave privada exportada

Other CURL settings can remain the same.

For those who are interested and do not want to have all this manual work, there is also this API under development that performs this communication: sped-nfse-egoverne

It is not yet completely complete but it works perfectly. You only need to pay attention to the confusion of the certificates (the original and the exported).

Browser other questions tagged php curl openssl

You are not signed in. Login or sign up in order to post.