
I have a successful SOAP request in SOAPUI that I'm trying to convert into R code with the httr package. In SOAPUI, all I have to do for SSL settings is provide a file path that points to a PKCS#12 file for the KeyStore, and then provide a plain text password for the PKCS#12 file as the KeyStore Password. With this setup, everything works fine.

In R, since httr uses curl, it is my understanding that I need to extract the client SSL cert and SSL key as two .pem files from the bundled PKCS#12 file. So I extracted them with the following OpenSSL commands:

```
openssl pkcs12 -in "path to .p12 file" -passin pass:******** -clcerts -nokeys -out "path to new cert.pem"
openssl pkcs12 -in "path to .p12 file" -passin pass:******** -nodes -nocerts -out "path to new key.pem"
```

Then, within my httr::POST request, I've included this config option to point to the .pem files so the curl handle can be properly defined (I've only temporarily set ssl_verifypeer = F so I could eliminate the possibility of getting an error due to the CA bundle):

```r
config(ssl_verifypeer = F, sslcert = "path to new cert.pem", sslkey = "path to new key.pem")
```

However, whenever I run the httr::POST request I get the following error:

```
Error in curl::curl_fetch_memory(url, handle = handle) : 
schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs 
when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows 
System event log.
```

I don't know what mistake I'm making here but I have been struggling with it for weeks. Any help here would be a lifesaver.

Kyle Dixon
  • Kyle, Please review the following answer: https://stackoverflow.com/questions/37273819/how-to-specify-certificate-key-and-root-certificate-with-httr-for-certificate-b My general recommendation would be to first test using `curl`, validate your request works, then convert to a `httr` request. I hope the above points you in the right direction. – Technophobe01 Feb 02 '20 at 18:25
  • Did you get your question resolved? – Technophobe01 Feb 08 '20 at 01:33

1 Answer


You could try something along these lines:

```r
library(httr)

# request made with certificate and key as plain text
res <- POST("the_url_goes_here",
            config = config(sslcert = "certificate_path", sslkey = "key_goes_here_as_plain_text"),
            # verbose() output is quite helpful to debug if something goes wrong
            verbose(data_out = FALSE, data_in = FALSE, info = TRUE, ssl = FALSE))

# you can also read in the certificate separately
cert <- openssl::read_p12(file = "cert_path", password = "key_goes_here")

# since there are different types of certificates that are handled differently by curl, this table of options might be helpful as well
# it shows which httr parameter corresponds to which curl option
httr::httr_options()
```

```
# here is what a curl command could look like
curl --data "@name_of_the_file_goes_here.json" --cert "name_of_the_certificate_goes_here.pfx" --key "password_goes_here" https://url.com

pause
```
Jakub.Novotny
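A check that can be run right after the PKCS#12 extraction step described in the question: confirm that the extracted certificate and private key are the same key pair before debugging the TLS handshake itself. This is an added example, not code from the question or the answer; the identity, password and file names are constructed, `check_pair` is a hypothetical helper, and the password is passed with `env:` rather than the `pass:` form used in the question.

```shell
#!/bin/sh
# Added example: every file below is a constructed, throwaway identity.
set -eu

# Hash of the public key embedded in a PEM certificate (fails if unreadable).
cert_pub_hash() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Hash of the public key derived from an unencrypted PEM private key.
key_pub_hash() {
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Hypothetical helper: prints match, mismatch, or unreadable.
check_pair() {
  c=$(cert_pub_hash "$1") && k=$(key_pub_hash "$2") || { echo unreadable; return 0; }
  if [ "$c" = "$k" ]; then echo match; else echo mismatch; fi
}

DEMO=$(mktemp -d "${TMPDIR:-/tmp}/p12demo.XXXXXX")
trap 'rm -rf "$DEMO"' EXIT
# env: keeps the password off the openssl command line, unlike pass:.
export P12_PASS='constructed-demo-password'

# Constructed self-signed client identity, bundled as PKCS#12.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
  -keyout "$DEMO/orig.key" -out "$DEMO/orig.crt" 2>/dev/null
openssl pkcs12 -export -in "$DEMO/orig.crt" -inkey "$DEMO/orig.key" \
  -passout env:P12_PASS -out "$DEMO/client.p12"

# The two extraction commands from the question; -nodes writes the key
# unencrypted, so restrict its permissions.
openssl pkcs12 -in "$DEMO/client.p12" -passin env:P12_PASS -clcerts -nokeys \
  -out "$DEMO/cert.pem" 2>/dev/null
( umask 077
  openssl pkcs12 -in "$DEMO/client.p12" -passin env:P12_PASS -nodes -nocerts \
    -out "$DEMO/key.pem" 2>/dev/null )

# An unrelated key, to show what a wrong pairing looks like.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$DEMO/other.pem" 2>/dev/null

echo "extracted pair: $(check_pair "$DEMO/cert.pem" "$DEMO/key.pem")"
echo "unrelated key:  $(check_pair "$DEMO/cert.pem" "$DEMO/other.pem")"
```

To check real files, call `check_pair` with the paths of the extracted certificate and key; a result of `unreadable` means one of the two files could not be parsed as PEM at all.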