Prerequisites
Avinor has issued a PKCS #12 container with a certificate and a private key:
- your-company.pfx
Test the SSL/TLS connection
Extract the certificate from the PKCS container
Parse the PKCS #12 file. Options used:
-clcerts Only output client certificates (not CA certificates).
-in filename This specifies the filename of the PKCS #12 file to be parsed.
-nokeys No private keys will be output.
-out filename The filename to write the certificate to.
openssl pkcs12 -in your-company.pfx -clcerts -nokeys -out client_ssl.crt
Extract the private key from the PKCS container
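Parse the PKCS #12 file. Options used:
-in filename This specifies the filename of the PKCS #12 file to be parsed.
-nocerts No certificates will be output.
-nodes Don't encrypt the private keys at all. The key in client_ssl.key is written unencrypted, so keep the file readable by its owner only.
-out filename The filename to write the private key to.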
openssl pkcs12 -in your-company.pfx -nocerts -nodes -out client_ssl.key
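A pre-flight check for the two extracted files, added here as an example (it is not part of the original page or of Avinor's tooling): it confirms that client_ssl.key belongs to client_ssl.crt, that the certificate is still valid, and that the unencrypted key is accessible to its owner only. The function name check_client_material, its return codes and the optional validity window are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check the files written by the two extraction steps.
# check_client_material is a hypothetical helper name, not an openssl command.
# Return codes: 0 ok, 1 unreadable input, 2 key does not match certificate,
#               3 certificate expires within the window, 4 key file too open.
check_client_material() {
    cert=$1
    key=$2
    window=${3:-0}   # seconds of remaining validity required (assumed default 0)

    # Both commands print the public key as a PEM SubjectPublicKeyInfo block;
    # text outside the PEM markers ("Bag Attributes") is ignored on input.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

    # A certificate and key extracted from the same container must carry
    # the same public key, otherwise the TLS handshake cannot succeed.
    [ "$cert_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero if the certificate expires within $window seconds.
    openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1 || return 3

    # -nodes wrote the key unencrypted, so group/other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    [ "$mode" = "------" ] || return 4
    return 0
}

# Run the check when called as: sh check.sh client_ssl.crt client_ssl.key
if [ "$#" -ge 2 ]; then
    check_client_material "$@"
    echo "check_client_material exit code: $?"
fi
```

A return code of 4 is cleared with `chmod 600 client_ssl.key`; a return code of 2 usually means the certificate and key came from different containers.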
Test client certificate with openssl
Connect to the remote host using SSL/TLS. Options used:
-CAfile file A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain.
-cert certname The certificate to use.
-connect host:port This specifies the host and optional port to connect to.
-key keyfile The private key to use.
-servername name Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
openssl s_client -connect asrv-test.avinor.no:443 -servername asrv-test.avinor.no -cert client_ssl.crt -key client_ssl.key -CAfile your-company.pem
Test client certificate with curl
Create a curl.data file with the content:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:deic="http://www.asrv.aero/webservices/1.0/DeIceDataSetService" xmlns:dat="http://www.asrv.aero/webservices/1.0/DeIceDataSetService/datadefinitions">
  <soapenv:Header/>
  <soapenv:Body>
    <deic:submitDeIceDataRequest>
      <dat:transData>
        <dat:correlationId>TEST_MANUAL</dat:correlationId>
        <dat:sourceOrganization>FOOBAR</dat:sourceOrganization>
        <dat:sourceTimestamp>1970-01-01T01:01:01Z</dat:sourceTimestamp>
      </dat:transData>
      <dat:deIceData>
        <flightLegIdentifier>
          <dat:ifplId>AA12345678</dat:ifplId>
          <dat:callsign>ABC1234</dat:callsign>
          <dat:aircraftRegistration>CD12345678</dat:aircraftRegistration>
          <dat:ssrCode>1234</dat:ssrCode>
          <dat:flightId>AB1234</dat:flightId>
          <dat:flightDepartureDate>1970-01-01</dat:flightDepartureDate>
          <dat:departureAirportIATA>ABC</dat:departureAirportIATA>
          <dat:arrivalAirportIATA>DEF</dat:arrivalAirportIATA>
          <dat:departureAirportICAO>ABCD</dat:departureAirportICAO>
          <dat:arrivalAirportICAO>DEFG</dat:arrivalAirportICAO>
        </flightLegIdentifier>
        <deIceIsRequested>true</deIceIsRequested>
        <deIceProcessStatus>DeIceRequested</deIceProcessStatus>
        <deIcePlatform>alfa nord</deIcePlatform>
        <deIceParkingPosition>ABCD1234</deIceParkingPosition>
        <deIceConditionCode>01</deIceConditionCode>
        <deIceAirTemperature>0</deIceAirTemperature>
        <erzt>1970-01-01T01:02:04Z</erzt>
        <arzt>1970-01-01T01:02:05Z</arzt>
        <eczt>1970-01-01T01:02:06Z</eczt>
        <aczt>1970-01-01T01:02:07Z</aczt>
        <eezt>1970-01-01T01:02:08Z</eezt>
        <aezt>1970-01-01T01:02:09Z</aezt>
        <edit>PT1M</edit>
        <adit>PT2M</adit>
        <mechanicalDeIceIsUsed>true</mechanicalDeIceIsUsed>
        <antiIceStartHoldoverTime>1970-01-01T01:03:02Z</antiIceStartHoldoverTime>
        <deIceFluidUsage>
          <deIceFluidType>Type 1</deIceFluidType>
          <deIceFluidVolume>123</deIceFluidVolume>
        </deIceFluidUsage>
      </dat:deIceData>
    </deic:submitDeIceDataRequest>
  </soapenv:Body>
</soapenv:Envelope>
Issue a curl command with the client certificate, the client key, and the example data from the steps above:
curl \
  --cert client_ssl.crt \
  --data @curl.data \
  --header "Content-type: text/xml;charset=UTF-8" \
  --header 'SOAPAction: "SubmitDeIceData"' \
  --include \
  --key client_ssl.key \
  --request POST \
  https://asrv-test.avinor.no/DeIceDataSetService/v1/DeIceDataSetService