无法完成SSL / TLS握手并设置本地证书链文件

时间:2017-06-18 18:38:55

标签: php sockets ssl tcp reactphp

我可以使用以下脚本创建一个ssl密钥和证书:

<?php
$name='example_ss';  //Will add _key.pem, _crt.pem, _csr.pem
$data = [
    "countryName" => "US",
    "stateOrProvinceName" => "CA",
    "localityName" => "San Francisco",
    "organizationName" => "example.net",
    "organizationalUnitName" => "example.net",
    "commonName" => "example.net",
    "emailAddress" => "exampleATgmailDOTcom"
];
$pem_passphrase = 'secret';

// Generate certificate
$key = openssl_pkey_new();
$csr = openssl_csr_new($data, $key);
$csr = openssl_csr_sign($csr, null, $key, 365);

// Generate PEM file
$pem = [];
openssl_x509_export($csr, $pem[0]);
file_put_contents($name.'_crt.pem', $pem[0]);
//openssl_pkey_export($key, $pem[1], $pem_passphrase); //Remove $pem_passphrase for none
openssl_pkey_export($key, $pem[1]); //Remove $pem_passphrase for none
$pem = implode($pem);

file_put_contents($name.'_key.pem', $pem);

根据需要移动它们:

sudo mv example_ss_crt.pem /etc/pki/tls/certs/example_ss_crt.pem
sudo mv example_ss_key.pem /etc/pki/tls/private/example_ss_key.pem

一切正常。

但是当我手动创建它们时((w /和w / o使用-sha256)

openssl req -x509 -newkey rsa:4096 -keyout example_ss_key.pem -out example_ss_crt.pem -days 365 -nodes

按照我之前的操作移动它们,我收到以下错误:

Unable to complete SSL/TLS handshake: stream_socket_enable_crypto():
Unable to set local cert chain file `/etc/pki/tls/private/example_ss_key.pem';
Check that your cafile/capath settings include details of your certificate and its issuer

这两组键之间的区别是什么?如何手动创建它们?我不认为它是相关的,但它们被用于Centos7和Raspberry Pi之间的tcp套接字连接。

EDIT。使用以下脚本创建服务器。我没有使用密码。

    $loop = \React\EventLoop\Factory::create();
    $server = new \React\Socket\TcpServer($this->host['url'].':'.$this->host['port'], $loop);
    if($this->host['tls']) {
        $server = $this->host['privateKey']
        ?new \React\Socket\SecureServer($server, $loop, ['local_cert' => $this->host['privateKey'],'passphrase' => $this->host['passphrase'] ])
        :new \React\Socket\SecureServer($server, $loop, ['local_cert' => $this->host['privateKey'] ]);
    }

虚假的错误。 http://php.net/manual/en/context.ssl.php

  

local_cert string文件系统上本地证书文件的路径。它   必须是包含您的证书和私有的PEM编码文件   键。它可以选择包含颁发者的证书链。该   私钥也可以包含在指定的单独文件中   local_pk

0 个答案:

没有答案
相关问题
最新问题