Correct certificate chain format for client_service_provider_certificate_chain #48

Open
1 task done
Noah-Vincenz opened this issue Jan 17, 2022 · 1 comment

@Noah-Vincenz

Steps to reproduce:

  1. running tinker/create-psd2-configuration.php --certificate ~/path/to/certs/signing_cert.pem --chain ~/path/to/certs/signing_cert_chain.pem --key ~/path/to/certs/signing_cert.key from terminal

What should happen:

  1. Create PSD2 Provider

What happens:

  1. Running into Error message: Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate. in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php:52

Traceback

PHP Fatal error: Uncaught bunq\Exception\BadRequestException: HTTP Response Code: 400
The response id to help bunq debug: 6b3487d7-44e8-4a99-8f3c-45441bc7e810
Error message: Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate. in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php:52
Stack trace:
#0 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/Handler/ResponseHandlerError.php(54): bunq\Exception\ExceptionFactory::createExceptionForResponse(Array, 400, '6b3487d7-44e8-4...')
#1 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/Handler/HandlerUtil.php(42): bunq\Http\Handler\ResponseHandlerError->execute(Object(GuzzleHttp\Psr7\Response))
#2 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/FulfilledPromise.php(39): bunq\Http\Handler\HandlerUtil::bunq\Http\Handler{closure}(Object(GuzzleHttp\Psr7\Response))
#3 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/TaskQueue.php(47): GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise{closure}()
#4 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(246): GuzzleHttp\Promise\TaskQueue->run(true)
#5 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(223): GuzzleHttp\Promise\Promise->invokeWaitFn()
#6 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(267): GuzzleHttp\Promise\Promise->waitIfPending()
#7 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(225): GuzzleHttp\Promise\Promise->invokeWaitList()
#8 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
#9 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/guzzle/src/Client.php(183): GuzzleHttp\Promise\Promise->wait()
#10 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/ApiClient.php(220): GuzzleHttp\Client->request('POST', Object(GuzzleHttp\Psr7\Uri), Array)
#11 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/ApiClient.php(492): bunq\Http\ApiClient->request('POST', 'payment-service...', Array, Array, Array)
#12 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Model/Core/PaymentServiceProviderCredentialInternal.php(46): bunq\Http\ApiClient->post('payment-service...', Array, Array)
#13 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Context/ApiContext.php(221): bunq\Model\Core\PaymentServiceProviderCredentialInternal::createWithApiContext('-----BEGIN CERT...', '-----BEGIN CERT...', 'UvMNfs5vOA2TV9e...', Object(bunq\Context\ApiContext))
#14 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Context/ApiContext.php(153): bunq\Context\ApiContext->initializePsd2Credential(Object(bunq\Model\Generated\Object\Certificate), Object(bunq\Security\PrivateKey), Array)
#15 /Users/noah-vincenznoah/Desktop/tinker2/tinker/create-psd2-configuration.php(57): bunq\Context\ApiContext::createForPsd2(Object(bunq\Util\BunqEnumApiEnvironmentType), Object(bunq\Model\Generated\Object\Certificate), Object(bunq\Security\PrivateKey), Array, '##### YOUR DEVI...')
#16 {main}
thrown in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php on line 52

Fatal error: Uncaught bunq\Exception\BadRequestException: HTTP Response Code: 400
The response id to help bunq debug: 6b3487d7-44e8-4a99-8f3c-45441bc7e810
Error message: Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate. in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php:52
Stack trace:
#0 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/Handler/ResponseHandlerError.php(54): bunq\Exception\ExceptionFactory::createExceptionForResponse(Array, 400, '6b3487d7-44e8-4...')
#1 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/Handler/HandlerUtil.php(42): bunq\Http\Handler\ResponseHandlerError->execute(Object(GuzzleHttp\Psr7\Response))
#2 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/FulfilledPromise.php(39): bunq\Http\Handler\HandlerUtil::bunq\Http\Handler{closure}(Object(GuzzleHttp\Psr7\Response))
#3 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/TaskQueue.php(47): GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise{closure}()
#4 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(246): GuzzleHttp\Promise\TaskQueue->run(true)
#5 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(223): GuzzleHttp\Promise\Promise->invokeWaitFn()
#6 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(267): GuzzleHttp\Promise\Promise->waitIfPending()
#7 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(225): GuzzleHttp\Promise\Promise->invokeWaitList()
#8 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
#9 /Users/noah-vincenznoah/Desktop/tinker2/vendor/guzzlehttp/guzzle/src/Client.php(183): GuzzleHttp\Promise\Promise->wait()
#10 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/ApiClient.php(220): GuzzleHttp\Client->request('POST', Object(GuzzleHttp\Psr7\Uri), Array)
#11 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Http/ApiClient.php(492): bunq\Http\ApiClient->request('POST', 'payment-service...', Array, Array, Array)
#12 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Model/Core/PaymentServiceProviderCredentialInternal.php(46): bunq\Http\ApiClient->post('payment-service...', Array, Array)
#13 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Context/ApiContext.php(221): bunq\Model\Core\PaymentServiceProviderCredentialInternal::createWithApiContext('-----BEGIN CERT...', '-----BEGIN CERT...', 'UvMNfs5vOA2TV9e...', Object(bunq\Context\ApiContext))
#14 /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Context/ApiContext.php(153): bunq\Context\ApiContext->initializePsd2Credential(Object(bunq\Model\Generated\Object\Certificate), Object(bunq\Security\PrivateKey), Array)
#15 /Users/noah-vincenznoah/Desktop/tinker2/tinker/create-psd2-configuration.php(57): bunq\Context\ApiContext::createForPsd2(Object(bunq\Util\BunqEnumApiEnvironmentType), Object(bunq\Model\Generated\Object\Certificate), Object(bunq\Security\PrivateKey), Array, '##### YOUR DEVI...')
#16 {main}
thrown in /Users/noah-vincenznoah/Desktop/tinker2/vendor/bunq/sdk_php/src/Exception/ExceptionFactory.php on line 52

SDK version and environment

Response id

  • Response id: 6b3487d7-44e8-4a99-8f3c-45441bc7e810

Extra info:

I have verified my certificate and its root certificate. I am unsure about the format for the client_service_provider_certificate_chain parameter value for the request body to the POST /payment-service-credential-provider endpoint for our certificates.
Assuming I have the three certificates:

  1. client signing certificate A
  2. intermediate certificate B
  3. root certificate C

What should the client_service_provider_certificate_chain value be (i.e. the format of the signing_cert_chain.pem file in the Steps to reproduce command)?
We have tried many different combinations:

  1. BC with new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and suffix for both B and C
  2. BC without new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and without suffix for both B and C
  3. B,C
  4. [B,C]
  5. CB
    ... and so on. Any help would be greatly appreciated.
@Noah-Vincenz

Also followed everything in this thread https://together.bunq.com/d/46832
and this Medium blog post.
