[英]cURL with SSL certificates fails: error 58 unable to set private key file
I'm trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected.我正在尝试使用 cURL 连接到远程主机。连接需要使用证书和受密码保护的私钥。 So far I'm unsuccessful with this code below:
到目前为止,我没有成功使用以下代码:
<?php
$wsdl = 'https://domain.com/?wsdl';
$certFile = getcwd() . '/auth/cert.pem';
$keyFile = getcwd() . '/auth/key.pem';
$password = 'pwd';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $password);
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);
#curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$output = curl_exec($ch);
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
The result I keep getting is error 58
: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM
.我不断得到的结果是 error
58
: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM
。
Things I've tried so far:到目前为止我尝试过的事情:
openssl_private_key()
gives me a resource, and not a boolean. So this seems good.openssl_private_key()
传递文件给了我一个资源,而不是 boolean。所以这看起来不错。SLL_VERIFY_PEER
, SSL_VERIFY_HOST
, SSL_CERTTYPE
and other options which seemed trivial regarding the official PHP-docs.SLL_VERIFY_PEER
、 SSL_VERIFY_HOST
、 SSL_CERTTYPE
和其他选项,这些选项对于官方 PHP 文档来说似乎微不足道。 No luck so far. I'm pretty sure the problem lies somehwere in my configuration, but I'm not sure where to look.我很确定问题出在我的配置中,但我不确定去哪里找。
I've fixed this problem. 我已经解决了这个问题。 I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution.
我认为,由于与此问题相关的问题数量众多,并且解决方案数量众多,因此其他人将从该解决方案中受益。 Here goes:
开始:
I used the openssl
CLI program to convert the .p12 key-file to a .pem key-file. 我使用
openssl
CLI程序将.p12密钥文件转换为.pem密钥文件。 The trick is the way the conversion takes place. 诀窍是转换发生的方式。
First I converted it with this command and I had the issue as described in the question: 首先,我使用此命令对其进行了转换,并遇到了问题中所述的问题:
openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts
While the command below did the actual trick: 虽然下面的命令做了实际的把戏:
openssl pkcs12 -in key.p12 -out key.pem -clcerts
For more info please see the source I used: https://community.qualys.com/docs/DOC-3273 有关更多信息,请参见我使用的来源: https : //community.qualys.com/docs/DOC-3273
Just in case this is useful to others searching for this problem, I ended up discovering that CURLOPT_SSLCERT and CURLOPT_SSLKEY don't seem to work with relative paths. 以防万一这对其他搜索此问题的人有用,我最终发现CURLOPT_SSLCERT和CURLOPT_SSLKEY似乎不适用于相对路径。
This is with WAMP, php version 5.5 on Windows. 这是WAMP,Windows上的php版本5.5。
I got the same error when using the curl
and when searching found this question.我在使用
curl
时遇到了同样的错误,在搜索时发现了这个问题。 I was using the command curl --key my.pem https://example.com/
我正在使用命令
curl --key my.pem https://example.com/
The solution that worked for me was to add the --key option and point to the same PEM file.对我有用的解决方案是添加 --key 选项并指向同一个 PEM 文件。 Apparently, the PEM file (in my case) had the key as well as the certificate.
显然,PEM 文件(在我的例子中)有密钥和证书。
I tested it with the curl command:我用 curl 命令测试了它:
curl --cert my.pem --key my.pem https://example.com/my/url
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.