SSL证书问题无法获得本地颁发者证书

时间:2018-01-11 08:26:49

标签: ssl curl ssl-certificate php-curl

我试图将数据发布到支付网关API。它需要xml格式的发布数据。我有以下代码:

<?php
$requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();

$amount = 100; // $block->totalOrderAmount()*100; 

$approveUrl = $block->approveUrl();
$cancelUrl =  $block->cancelUrl();
$declineUrl = $block->declineUrl();


$merchant = 'mydomain.com'; 
//$amount = '100'; // in cents. 1$ = 100cents. 
$currency = '840'; // for dollar
$description = 'Happy customers is what we make.';
$merchantId = 'Nobel106513';
?>

<?php
echo $requestUrl;
$xml_data = '<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language>EN</Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>'.$merchantId.'</Merchant>
<Amount>'.$amount.'</Amount>
<Currency>'.$currency.'</Currency>
<Description>'.$description.'</Description>
<ApproveURL>'.$approveUrl.'</ApproveURL>
<CancelURL>'.$cancelUrl.'</CancelURL>
<DeclineURL>'.$declineUrl.'</DeclineURL>
</Order>
</Request>
</TKKPG>';

$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CERTINFO, 1);

        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        //array_push($headers, 'SoapAction: *');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        var_dump($content);
        var_dump(curl_getinfo($ch));
        var_dump(curl_errno($ch));
        var_dump(curl_error($ch));
        curl_close($ch);
  1. var_dump($content);的输出为空''
  2. var_dump(curl_getinfo($ch));的输出。

    数组(大小= 26)
    &#39;网址&#39; =&GT;字符串&#39; https://api.given.bypg&#39;
    &#39; CONTENT_TYPE&#39; =&GT;空
    &#39; HTTP_CODE&#39; =&GT; int 0
    &#39; header_size&#39; =&GT; int 0
    &#39; request_size&#39; =&GT; int 0
    &#39; FILETIME&#39; =&GT; int -1
    &#39; ssl_verify_result&#39; =&GT; int 1 &#39; redirect_count&#39; =&GT; int 0
    &#39; TOTAL_TIME&#39; =&GT;漂浮0.488533
    &#39; namelookup_time&#39; =&GT;漂浮0.028558
    &#39; CONNECT_TIME&#39; =&GT;漂浮0.256858
    &#39; pretransfer_time&#39; =&GT;浮0 &#39; size_upload&#39; =&GT;浮0 &#39; size_download&#39; =&GT;浮0 &#39; speed_download&#39; =&GT;浮0 &#39; speed_upload&#39; =&GT;浮0 &#39; download_content_length&#39; =&GT; float -1
    &#39; upload_content_length&#39; =&GT; float -1
    &#39; starttransfer_time&#39; =&GT;浮0 &#39; redirect_time&#39; =&GT;浮0 &#39; REDIRECT_URL&#39; =&GT;字符串&#39;&#39; (长度= 0)
    &#39; primary_ip&#39; =&GT;字符串&#39; 91.227.244.57&#39; (长度= 13)
    &#39; certinfo&#39; =&GT;
    数组(大小= 0)
      空
    &#39; primary_port&#39; =&GT; int 8444
    &#39; local_ip&#39; =&GT;字符串&#39; 192.168.100.64&#39; (长度= 14)
    &#39; LOCAL_PORT&#39; =&GT; int 53456

  3. var_dump(curl_errno($ch));的输出:int 60

  4. 输出 var_dump(curl_error($ch));

    字符串&#39; SSL证书问题:无法获得本地颁发者证书&#39; (长度= 63) 似乎API没有返回curl_getinfo()上看到的数据。请帮助我,我已经看到了社区中建议的几乎所有解决方案。

  5. 我已编辑了我的php.ini文件,以提供从curl网站下载的证书的路径。但这并没有奏效。

2 个答案:

答案 0 :(得分:2)

当您连接到服务器以建立安全连接时,您作为客户端在与对话开始时获取服务器的证书。此证书及其私钥用于建立安全连接。您的客户端希望确保服务器的证书是可信的,而不是由某个中间人攻击者创建的。因此,您的客户端需要具有签署服务器证书的CA证书。上面的错误意味着客户端试图找到服务器的证书颁发者(或链中的一个发行者)并且没有找到。它试图找到它的位置在指定的/etc/apache2/ssl/m4/mydomain.com.crt文件中。您有两种选择:通过将CURLOPT_SSL_VERIFYPEER设置为false,将CA证书添加到文件或禁用服务器证书验证(不安全)。

答案 1 :(得分:0)

我得到了我的API提供商的支持,他们指出了我的方法中缺少的东西。对于他们的网关,我需要加载在curl请求中保护这些密钥的私钥,公钥和密码。解决方案如下:

/*ssl crts*/
$twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
$twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
$twpg_key_password = '';
/*ssl crts*/
$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSLCERT,  $twpg_cert_file);
        curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
        curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
        curl_setopt($ch, CURLOPT_CERTINFO, 1);
        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        curl_close($ch);

现在每件事都按预期工作。