
PHP AXL Call no longer working

chad_meyer
Level 1

Hey everyone,

I am picking up again on a project that has me using AXL requests into CUCM 11.5. Initially I had this working per Cisco's PHP AXL Quickstart guide; however, that is now not working. Doing some digging, I found the common name of the cert was updated to use multi-SAN. So now instead of the CN of the cert being cucmpub.domain, it shows cucmpub-ms.domain. My context variable is as follows, which I thought bypassed certificate checks:

$context = stream_context_create(array('ssl'=>array('allow_self_signed'=>true)));

This connection fails with a 'cannot connect to host'. With these same values pointed to a different CUCM server we have in which the CN of the cert matches the hostname, my API is able to be called. I have also tried defining the cafile of the tomcat cert, which also fails.

Any thoughts on how to get a connection?


Thanks in advance!

2 Replies 2

dstaudt
Cisco Employee

Your example would validate for a certificate where the certificate authority cert and the host cert are the same (self-signed), but I think you also need

'verify_peer_name'=>true

to allow it to validate when the CN and host name are mismatched (even downloading and specifying the cert file won't work, since the names don't match.)

But...

  • Hopefully one of the SANs is in fact the host name..?  If not, that's very bad and should be corrected.
  • I'm not sure how/if PHP SOAPClient supports validating SAN certs - if you're using an older PHP version, you might try updating to something recent (maybe support was added..?)  If that doesn't work, you might try inquiring with the PHP community - hopefully there's a solution, or at least a bug report you can follow...

Thanks for the reply @dstaudt. I added the 'verify_peer_name' entry, however I am getting the same results. The hostname is defined in the SAN entry and I am running PHP 7.3. I didn't see anything in the PHP docs about SAN checking, but I will reach out in a PHP community to see what insights they can provide. Thanks.
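
An added example (not from the thread or from Cisco's quickstart guide): an offline check of whether the host name used for the AXL connection is covered by a certificate's SAN list, plus stream-context options that keep chain and name verification on instead of bypassing them. The certificate array is constructed in the shape openssl_x509_parse() returns; the cucmsub.domain and cucm-other.domain names, the CA file path and the function names are assumptions.

```php
<?php
/** DNS names listed in a parsed certificate's subjectAltName extension. */
function sanDnsNames(array $cert): array
{
    preg_match_all('/DNS:([^,\s]+)/i', $cert['extensions']['subjectAltName'] ?? '', $m);
    return array_map('strtolower', $m[1]);
}

/** True if $host equals a SAN DNS entry or matches a left-most wildcard label. */
function hostMatchesSan(string $host, array $cert): bool
{
    $host = strtolower(rtrim($host, '.'));
    $dot  = strpos($host, '.');
    foreach (sanDnsNames($cert) as $name) {
        if ($name === $host) {
            return true;
        }
        // "*.domain" covers exactly one extra label, e.g. "cucmpub.domain".
        if (strncmp($name, '*.', 2) === 0 && $dot !== false
            && substr($host, $dot) === substr($name, 1)) {
            return true;
        }
    }
    return false;
}

/** Stream-context options that keep chain and host-name verification enabled. */
function strictSslOptions(string $caFile, string $host): array
{
    return ['ssl' => [
        'cafile'           => $caFile, // PEM of the issuing CA, or of the self-signed cert
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,   // name the certificate must cover
    ]];
}

// Constructed sample: CN carries the "-ms" name, the host name is only in the SAN list.
$cert = ['subject' => ['CN' => 'cucmpub-ms.domain'], 'extensions' => [
    'subjectAltName' => 'DNS:cucmpub.domain, DNS:cucmsub.domain, DNS:cucmpub-ms.domain']];

foreach (['cucmpub.domain', 'cucm-other.domain'] as $host) {
    printf("%-18s %s\n", $host, hostMatchesSan($host, $cert) ? 'covered by SAN' : 'NOT covered');
}

// Placeholder CA path; pass the result to SoapClient via its 'stream_context' option.
$context = stream_context_create(strictSslOptions('/path/to/ca.pem', 'cucmpub.domain'));
```

To run the check against a real certificate, replace the constructed array with the result of openssl_x509_parse() on the PEM file exported from the server.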