search

bunq / sdk_php

PHP SDK for bunq API
MIT License
83 stars 54 forks source link

Correct certificate chain format for `client_service_provider_certificate_chain` #220

Open Noah-Vincenz opened 2 years ago

Noah-Vincenz commented 2 years ago

Steps to reproduce:

  1. "Creating a PSD2 context"

What should happen:

  1. Create PSD2 Provider

What happens:

  1. Running into `Error message: Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate.

SDK version and environment

Extra info:

I have verified my certificate and its root certificate. I am unsure about the format for the client_service_provider_certificate_chain parameter value for the request body to the POST /payment-service-credential-provider endpoint for our certificates? Assuming I have the three certificates:

  1. client signing certificate A
  2. intermediate certificate B
  3. root certificate C

What should the client_service_provider_certificate_chain value be? We have tried many different combinations

  1. BC with new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and suffix for both B and C
  2. BC without new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and without suffix for both B and C
  3. B,C
  4. [B,C]
  5. CB ... and so on. Any help would be greatly appreciated.
basst85 commented 2 years ago

Hi!

Check the following topic: https://together.bunq.com/d/46832

And this Medium blog: https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce

Noah-Vincenz commented 2 years ago

@basst85 hello and thanks for your quick response.

I had used the medium blog article previously to validate my certificates and I have also gone through the bunq thread now, but I still seem to be having the same issue as Ryan in the bunq thread.

I have also contacted apipartner@bunq.com back in December but have not heard back from them and sent them another follow up email yesterday.