I'm trying to communicate with WS from Curitiba (ISS Curitiba) for sending and querying RPS lots (lots of NFS-e), but WS always returns me the error:
"E504 - Error: The service provider's digital certificate is required."
So my question is, what files should I send? Is the client certificate (.pem or .pfx?) The public key? the private key? Anyone who has ever had this work could help me?
I did not find much in the manuals and I still did not get the support of the city hall.
I'm using the curl library (as per the code below):
curl_setopt($ch, CURLOPT_URL, '');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLCERT, $path.'_cert.pem'); // certificado do cliente
curl_setopt($ch, CURLOPT_SSLKEY, $path.'_priKEY.pem'); // chave privada
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_KEYPASSWD, '******'); // senha do certificado
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
Other technical details:
Headers:
$headers = [
'POST /Iss.NfseWebService/nfsews.asmx HTTP/1.1',
'HOST: '.$url,
'Content-Type: text/xml; charset=utf-8',
'Content-Length: '.strlen($xml),
'SOAPAction: http://www.e-governeapps2.com.br/RecepcionarLoteRps'
];
Creating the client certificate:
// recebe o certificado pfx
openssl_pkcs12_read(file_get_contents('certificado.pfx'), $out, '******'));
// grava chave privada e o cartificado (sem a chave privada)
openssl_pkey_export_to_file($out['pkey'], $path.'_priKEY.pem');
openssl_x509_export_to_file($out['cert'], $path.'_cert.pem');