从Windows Server 2012迁移到CentOS 7.带有curl的PHP7。在Windows上运行时,带私钥的pkcs12 pem证书工作正常,connect返回相关数据。但是,在CentOS 7上,我得到了一个 curl:(58)SSL对等方拒绝您的证书已过期 ,以及此读取错误: SSL读取:错误-12269(SSL_ERROR_EXPIRED_CERT_ALERT )
截至本文,证书尚未过期。在到期日期之前更换,请假设证书未过期。
详细结果如下
Trying 148.142.64.105...
Connected to markets.midwestiso.org (148.142.64.105) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
skipping SSL peer certificate verification
SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
Server certificate:
subject: CN=markets.midwestiso.org,O=Midwest ISO,L=Carmel,ST=Indiana,C=US
start date: Aug 09 13:31:46 2016 GMT
expire date: Aug 25 14:01:45 2019 GMT
common name: markets.midwestiso.org
issuer: CN=Entrust Certification Authority - L1K,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
POST /darteor/xml/query HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1)
Gecko/20100101 Firefox/4.0.1
Host: markets.midwestiso.org
Accept: */*
Content-Length: 375
Content-Type: application/x-www-form-urlencoded
upload completely sent off: 375 out of 375 bytes
skipping SSL peer certificate verification
NSS: client certificate from file
subject: UID=xxxxx,E=xxx,CN=xxx,OU=xx,O=xx,C=xx
**start date: Nov 02 15:38:21 2015 GMT
expire date: Nov 01 15:38:21 2016 GMT**
common name: xx
issuer: xx
SSL read: errno -12269 (SSL_ERROR_EXPIRED_CERT_ALERT)
SSL peer rejected your certificate as expired.
Closing connection 0
curl_getinfo如下:
[url] => https://markets.midwestiso.org/darteor/xml/query
[content_type] =>
[http_code] => 0
[header_size] => 0
[request_size] => 621
[filetime] => -1
[ssl_verify_result] => 0
[redirect_count] => 0
[total_time] => 0.478578
[namelookup_time] => 0.060583
[connect_time] => 0.106785
[pretransfer_time] => 0.304066
[size_upload] => 375
[size_download] => 0
[speed_download] => 0
[speed_upload] => 783
[download_content_length] => -1
[upload_content_length] => 375
[starttransfer_time] => 0
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 148.142.64.105
[certinfo] => Array
(
"Not sure why blank here, seems like a bug"
)
[primary_port] => 443
[local_ip] => 192.x.x.x
[local_port] => 43352
PHP 7卷曲代码如下:
$interval = '2016-10-18';
$cert1 = '/xxx/xxx/xxx.pem'; //contains the private key
$pass1 = 'xxxx';
$soapreq ='<?xml version="1.0"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Header/>
<Body>
<QueryRequest xmlns="http://markets.midwestiso.org/dart/xml" party="xxx">
<QueryRealTimeIntegratedLMP day="'.$interval.'">
<All/>
</QueryRealTimeIntegratedLMP>
</QueryRequest>
</Body>
</Envelope>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://markets.midwestiso.org/darteor/xml/query");
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSLCERT, $cert1);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $pass1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $soapreq);
echo $rslt = curl_exec($ch);
$info = curl_getinfo($ch);
echo "\n".$err = curl_errno($ch);
echo "\n";
print_r($info);
$certInfo = curl_getinfo($ch, CURLINFO_CERTINFO);
print_r($certInfo);
我目前非常困难,并且会喜欢一点指导
由于