cURL不喜欢ssl证书中的主题和主机名不匹配

时间:2015-02-01 00:21:03

标签: php ssl curl https

我正在尝试自学SSL的工作原理。我需要通过rest连接两个服务器,通过cURL连接https。我得到了crt和密钥selfsigned ok,浏览器问通常你确定..打印全局显示ssl apache引擎正在工作......但curl不是..这里是代码(我正在尝试从debian上的虚拟框到debian开发服务器的cURL):

$url = 'https://local.domain.net/curl.php';

        // OK cool - then let's create a new cURL resource handle
        $ch = curl_init($url);

        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // Set a referer
        //curl_setopt($ch, CURLOPT_REFERER, "http://www.internal-server.co.uk");

        // User agent
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/1.0");

        // Timeout in seconds
        //curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        //don't verify the signiture
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

        // Include header in result? (0 = yes, 1 = no)
        //curl_setopt($ch, CURLOPT_HEADER, 0 );

        // Should cURL return or print out the data? (true = return, false = print)
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        //set the basic auth to any then set the creds
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
        $username = self::$http_username;
        $password = self::$http_password;
        curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");

        $status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);   //get status code

        // Download the given URL, and return output
        $output = curl_exec($ch);

        // Close the cURL resource, and free system resources
        curl_close($ch);

        print_r($output);

        echo '


';

当我在命令行上运行上面的php时,我得到以下内容:

0* About to connect() to local.domain.net port 443 (#0)
*   Trying 192.168.1.110...
* connected
* Connected to local.domain.net (192.168.1.110) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=internal-server
*        start date: 2014-11-09 21:40:16 GMT
*        expire date: 2024-11-06 21:40:16 GMT
*** SSL: certificate subject name 'internal-server' does not match target host name 'local.domain.net'**
* Closing connection #0

通过以下方式在开发服务器上创建了ssl证书和密钥:

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt

它创建了证书和密钥,当我通过浏览器连接通常,'你确定'...但由于某种原因cURL通过php不会播放球..

是否可以使用openSSL手动设置证书的主题?

1 个答案:

答案 0 :(得分:0)

  

证书主题名称'内部服务器'与目标主机名不匹配' local.domain.net'

SSL证书绑定到特定域。在通过OpenSSL创建证书期间,它应该要求您输入域名(local.domain.net)。

浏览器会向您显示警告,不仅因为您使用了自签名证书,还因为它与域名不匹配。这个警告可能有很多不同的原因。

相关问题
最新问题