locked
Microsoft HealthVault Certificate from PHP based application RRS feed

  • Question

  • Some background Info

    I am working on a PHP application that is supposed to interact with Microsoft HealthVault. I was able to download the health vault library from https://sourceforge.net/projects/healthvaultphp/ and get the data stored in my healthvault test account.

    Now the library came with "sandbox" app.id, app.cer, etc. all the authentication stuff. So the issue I am having is how to get live certificate for my php app. I downloaded the makecert.exe file from microsoft to generate a certificate for me, but it generates a binary file compared to the text files included in the healthvaultphp library.

    my question

    How and what should go into following files?

    authentication/app.cer

    authentication/app.fp

    authentication/app.pem

    Thursday, July 28, 2011 10:33 PM

Answers

  • I use openssl to create keys and convert formats.  You can create the keys directly with:

    • openssl req -outform DER -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout key.pem -out cert.der

    Your public key will be in cert.der.  Your private key will be in key.pem.

    openssl can also convert windows *pfx files appropriately:

    • openssl pkcs12 -in your-keys.pfx -nokeys -clcerts -out cert.cer
    • openssl pkcs12 -in your-keys.pfx -nocerts -nodes -out key.pem

    You can generate the fingerprint:

    • openssl x509 -fingerprint -inform DER < cert.der


    Remove the ":" characters from the fingerprint and you will be good to go. 

    --Rob





    Friday, July 29, 2011 7:56 PM

All replies

  • I use openssl to create keys and convert formats.  You can create the keys directly with:

    • openssl req -outform DER -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout key.pem -out cert.der

    Your public key will be in cert.der.  Your private key will be in key.pem.

    openssl can also convert windows *pfx files appropriately:

    • openssl pkcs12 -in your-keys.pfx -nokeys -clcerts -out cert.cer
    • openssl pkcs12 -in your-keys.pfx -nocerts -nodes -out key.pem

    You can generate the fingerprint:

    • openssl x509 -fingerprint -inform DER < cert.der


    Remove the ":" characters from the fingerprint and you will be good to go. 

    --Rob





    Friday, July 29, 2011 7:56 PM
  • Hello Rob,

    I found your post about getting the HealthVault PHP API to work with your own app.id, app.fp, and app.pem.  I have been struggling for months to get it to work.  Would you mind sharing exactly what you did?  See my post here:

    http://social.msdn.microsoft.com/Forums/en-US/9bc952f1-1935-4b20-ad81-8bfbfac72e67/php-api-application-id-private-key-public-key-wrong-response?forum=healthvault

    Thanks,

    Greg

    Thursday, April 17, 2014 11:16 PM