Extracting a certificate/key pair from a Java keystore

Having worked out why the certificate provided for the UMLSKS web service wasn't working (it was a Java keystore, not a standard PEM certificate), I found how to convert it to something PHP's SOAP client can use:
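#!/bin/bash

# Stop at the first failing step instead of concatenating partial output
set -e
# The files written below contain an unencrypted private key; keep them owner-only
umask 077

NAME='YOUR_UMLS_USERNAME'
PASS='YOUR_UMLS_PASSWORD'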
# Save the file you received from UMLS as $NAME.jks

# Uncomment the 3 lines below on the first run
# wget 'http://www.source-code.biz/snippets/java/Base64Coder.java.txt' -O 'Base64Coder.java'
# wget 'http://mark.foster.cc/pub/java/ExportPriv.old.java' -O 'ExportPriv.java' # the new version doesn't wrap lines at 64 characters
# javac Base64Coder.java ExportPriv.java

# list certificates in the keystore:
# keytool -list -v -keystore "$NAME.jks" -storepass "$PASS"

# export certificate as DER:
keytool -export -alias "$NAME" -keystore "$NAME.jks" -storepass "$PASS" -file "$NAME.crt.der"

# convert DER certificate to PEM:
openssl x509 -in "$NAME.crt.der" -inform DER -out "$NAME.crt.pem" -outform PEM

# export key as PKCS8 (ExportPriv writes it PEM-encoded):
java ExportPriv "$NAME.jks" "$NAME" "$PASS" > "$NAME.pkcs8"

# convert the PEM-encoded PKCS8 key to an unencrypted RSA key in PEM format:
openssl pkcs8 -nocrypt -in "$NAME.pkcs8" -inform PEM -out "$NAME.rsa" -outform PEM

# combine PEM certificate and RSA key into one PEM file:
cat "$NAME.crt.pem" "$NAME.rsa" > "$NAME.pem"

echo "Saved key/certificate pair as $NAME.pem"

# clean up:
# rm $NAME.crt.der
# rm $NAME.crt.pem
# rm $NAME.pkcs8
# rm $NAME.rsa
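
A structural check for the combined file the script writes, as an added example that is not part of the original post. `check_pem_pair` is a hypothetical helper name; it covers the 64-character line wrapping mentioned above, the block layout and the file permissions, and it does not verify that the key belongs to the certificate.

```shell
#!/bin/bash
# Added example: structural checks on a combined certificate/key PEM file.
# Prints one finding per line; returns 0 only when there are no findings.
check_pem_pair() {
    local file=$1 findings
    findings=$(awk '
        /^-----BEGIN / {
            if (inblk) print "BEGIN inside an open block at line " NR
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----.*$/, "", label)
            inblk = 1
            if (label == "CERTIFICATE") certs++
            else if (label ~ /PRIVATE KEY$/) { keys++; if (label ~ /^ENCRYPTED/) enc = 1 }
            else print "unexpected block type: " label
            next
        }
        /^-----END / { inblk = 0; next }
        !inblk { next }                 # e.g. "Bag Attributes" text from openssl pkcs12
        /^Proc-Type:.*ENCRYPTED/ { enc = 1; next }
        /^DEK-Info:/ { next }
        length($0) > 64 { long++ }
        $0 !~ "^[A-Za-z0-9+/=]*$" { print "non-base64 data at line " NR }
        END {
            if (inblk) print "unterminated block at end of file"
            if (certs != 1) print "expected 1 certificate, found " (certs + 0)
            if (keys != 1) print "expected 1 private key, found " (keys + 0)
            if (long) print long " body line(s) longer than 64 characters"
            if (keys && !enc) print "UNENCRYPTED"
        }' "$file") || return 2
    # An unencrypted key is expected here (-nocrypt), so it is only reported
    # when the file is also accessible to group or others.
    if printf '%s\n' "$findings" | grep -qx 'UNENCRYPTED'; then
        findings=$(printf '%s\n' "$findings" | grep -vx 'UNENCRYPTED' || true)
        if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            findings="${findings:+$findings
}unencrypted private key is readable by group or others"
        fi
    fi
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call it as `check_pem_pair "$NAME.pem"` after the script finishes; a non-zero status means at least one finding was printed.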

Comments

Welcome to my life.

Easier method:

# Convert Java keystore format to PKCS#12 keystore format
keytool -importkeystore -srckeystore "$NAME.jks" -destkeystore "$NAME.p12" -srcstoretype jks -deststoretype pkcs12

# Convert PKCS#12 keystore to PEM key/certificate pair
openssl pkcs12 -in "$NAME.p12" -out "$NAME.pem"

echo "Saved key/certificate pair as $NAME.pem"

http://stackoverflow.com/questions/652916/converting-a-java-keystore-into-pem-format
