如何从localhost上的Symfony2控制器调用https(SSL)网址?我正在使用Debril RssAtomBundle软件包调用仅在https上的Google Blogger API,并且我不确定如何从localhost实现此功能。我的Google Blogger API调用肯定有效,因为该URL会在浏览器中返回预期的博客内容。我想确保代码也是安全的。
调用URL时出现的错误是:
SSL证书问题,验证CA证书是否正常
答案 0 :(得分:0)
The error I get when calling the URL is: SSL certificate problem, verify that the CA cert is OK
听起来您需要使用Google Internet Authority G2作为信任锚。对于*.blogger.com,Google的CA似乎也由GeoTrust Global CA签名:
$ openssl s_client -connect blogger.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.blogger.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
...
Start Time: 1407035752
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
将Google CA用作信任锚后,它会验证确定(请注意添加-CAfile选项):
$ openssl s_client -connect blogger.com:443 -CAfile GIAG2.pem
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.blogger.com
verify return:1
...
Start Time: 1407035642
Timeout : 300 (sec)
Verify return code: 0 (ok)
提示:下载GIAG2.crt后,您需要将其从ASN.1 / DER转换为带openssl x509 -in GIAG2.crt -inform DER -out GIAG2.pem -outform PEM的PEM。