问题描述
如果这个问题很愚蠢,请问我,但是我是这个领域的新手。
我需要从Drupal 7站点通过SSL连接到服务。我有一个带有 .p12扩展名的文件和一个密码。另外,我使用PHP 7.1 1和Windows 7 64x。
我使用以下命令将.p12文件转换为.pem文件。
Excuse me if the question is silly, but I'm a novice in this area.I need to connect to a service via SSL from a Drupal 7 site. I have a file with a ".p12" extension and a password for it. Also, I use PHP 7.1 1 and Windows 7 64x.I converted .p12-file into .pem-file using the following command.
openssl pkcs12 -in myfile.p12 -out myfile.pem
在我将Openssl安装到计算机中并向Windows添加路径之前。
之后,我尝试使用以下代码通过CURL函数连接到服务器。
Before I installed Openssl into my computer and added paths into Windows.After it I'm trying to use the following code for connecting to the server using CURL functions.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'my_addr');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLCERT, 'myfile.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'mypsw');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
if ($result === FALSE){
$curl_error = curl_error($ch);
}
curl_close($ch);
不幸的是,curl_exec返回FALSE,curl_error返回以下内容:
Unfortunately, curl_exec returns FALSE and curl_error returns the following:
could not load PEM client certificate, OpenSSL error error:02001003:system library:fopen:No such process, (no key found, wrong pass phrase, or wrong file format?)
我决定在Linux共享主机上的客户端站点上执行此代码,而我决定本地主机可在Windows 7 64x上运行。该代码已执行,没有任何错误,但是curl_exec返回一个空字符串。
I decide to execute this code on the client's site which is on a Linux shared hosting, whereas my localhost works on Windows 7 64x. The code is executed without any errors, but curl_exec returns a void string.
我想澄清一下,我做错了什么,为什么不想加载PEM客户端证书?我应该如何在本地主机上解决此问题?
我不能放弃使用Windows 7而是开始使用Linux。
I want to clarify, what am I doing wrong and why PEM client certificate doesn't want to load? What should I do on my localhost to solve this problem? I can't give up using Windows 7 and start using Linux instead it.
推荐答案
对于SSL验证,需要pem格式的证书,它的关联私钥(openssl格式)和以pem格式签署证书的证书颁发机构的根证书。
For a SSL verification you need a cert in pem format, it's associated private key (in openssl format) and the root certificate of the certification authoritity that signed your certificate in pem format.
示例:
如果您不被告知,错误消息并不会很清楚,但它会说:
The error message is not really clear if your are not informed but it say it :
问候,
这篇关于如何解决错误“无法加载PEM客户端证书,OpenSSL错误:02001003:系统库:fopen:无此过程”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!