SSL证书问题无法获得本地颁发者证书

Question

我试图将数据发布到支付网关API。它需要xml格式的发布数据。我有以下代码：

<?php
$requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();

$amount = 100; // $block->totalOrderAmount()*100; 

$approveUrl = $block->approveUrl();
$cancelUrl =  $block->cancelUrl();
$declineUrl = $block->declineUrl();


$merchant = 'mydomain.com'; 
//$amount = '100'; // in cents. 1$ = 100cents. 
$currency = '840'; // for dollar
$description = 'Happy customers is what we make.';
$merchantId = 'Nobel106513';
?>

<?php
echo $requestUrl;
$xml_data = '<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language>EN</Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>'.$merchantId.'</Merchant>
<Amount>'.$amount.'</Amount>
<Currency>'.$currency.'</Currency>
<Description>'.$description.'</Description>
<ApproveURL>'.$approveUrl.'</ApproveURL>
<CancelURL>'.$cancelUrl.'</CancelURL>
<DeclineURL>'.$declineUrl.'</DeclineURL>
</Order>
</Request>
</TKKPG>';

$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CERTINFO, 1);

        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        //array_push($headers, 'SoapAction: *');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        var_dump($content);
        var_dump(curl_getinfo($ch));
        var_dump(curl_errno($ch));
        var_dump(curl_error($ch));
        curl_close($ch);

1. var_dump($content);的输出为空''。

2. var_dump(curl_getinfo($ch));的输出。

   数组（大小= 26）
   ＆＃39;网址＆＃39; =＆GT;字符串＆＃39; https://api.given.bypg＆＃39;
   ＆＃39; CONTENT_TYPE＆＃39; =＆GT;空
   ＆＃39; HTTP_CODE＆＃39; =＆GT; int 0
   ＆＃39; header_size＆＃39; =＆GT; int 0
   ＆＃39; request_size＆＃39; =＆GT; int 0
   ＆＃39; FILETIME＆＃39; =＆GT; int -1
   ＆＃39; ssl_verify_result＆＃39; =＆GT; int 1 ＆＃39; redirect_count＆＃39; =＆GT; int 0
   ＆＃39; TOTAL_TIME＆＃39; =＆GT;漂浮0.488533
   ＆＃39; namelookup_time＆＃39; =＆GT;漂浮0.028558
   ＆＃39; CONNECT_TIME＆＃39; =＆GT;漂浮0.256858
   ＆＃39; pretransfer_time＆＃39; =＆GT;浮0 ＆＃39; size_upload＆＃39; =＆GT;浮0 ＆＃39; size_download＆＃39; =＆GT;浮0 ＆＃39; speed_download＆＃39; =＆GT;浮0 ＆＃39; speed_upload＆＃39; =＆GT;浮0 ＆＃39; download_content_length＆＃39; =＆GT; float -1
   ＆＃39; upload_content_length＆＃39; =＆GT; float -1
   ＆＃39; starttransfer_time＆＃39; =＆GT;浮0 ＆＃39; redirect_time＆＃39; =＆GT;浮0 ＆＃39; REDIRECT_URL＆＃39; =＆GT;字符串＆＃39;＆＃39; （长度= 0）
   ＆＃39; primary_ip＆＃39; =＆GT;字符串＆＃39; 91.227.244.57＆＃39; （长度= 13）
   ＆＃39; certinfo＆＃39; =＆GT;
   数组（大小= 0）
     空
   ＆＃39; primary_port＆＃39; =＆GT; int 8444
   ＆＃39; local_ip＆＃39; =＆GT;字符串＆＃39; 192.168.100.64＆＃39; （长度= 14）
   ＆＃39; LOCAL_PORT＆＃39; =＆GT; int 53456
   

3. var_dump(curl_errno($ch));的输出：int 60

4. 输出 var_dump(curl_error($ch)); ：

   字符串＆＃39; SSL证书问题：无法获得本地颁发者证书＆＃39; （长度= 63） 似乎API没有返回curl_getinfo（）上看到的数据。请帮助我，我已经看到了社区中建议的几乎所有解决方案。

我已编辑了我的php.ini文件，以提供从curl网站下载的证书的路径。但这并没有奏效。

Answer 1

当您连接到服务器以建立安全连接时，您作为客户端在与对话开始时获取服务器的证书。此证书及其私钥用于建立安全连接。您的客户端希望确保服务器的证书是可信的，而不是由某个中间人攻击者创建的。因此，您的客户端需要具有签署服务器证书的CA证书。上面的错误意味着客户端试图找到服务器的证书颁发者（或链中的一个发行者）并且没有找到。它试图找到它的位置在指定的/etc/apache2/ssl/m4/mydomain.com.crt文件中。您有两种选择：通过将CURLOPT_SSL_VERIFYPEER设置为false，将CA证书添加到文件或禁用服务器证书验证（不安全）。

Answer 2

我得到了我的API提供商的支持，他们指出了我的方法中缺少的东西。对于他们的网关，我需要加载在curl请求中保护这些密钥的私钥，公钥和密码。解决方案如下：

/*ssl crts*/
$twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
$twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
$twpg_key_password = '';
/*ssl crts*/
$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSLCERT,  $twpg_cert_file);
        curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
        curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
        curl_setopt($ch, CURLOPT_CERTINFO, 1);
        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        curl_close($ch);

现在每件事都按预期工作。