[英]Add client certificate in socket connection
I am stuck with this problem since last few days but could not get any solution. 自最近几天以来,我一直困扰于此问题,但无法获得任何解决方案。
I am using net php-epp client and here is my code... 我正在使用net php-epp客户端,这是我的代码...
$context = stream_context_create(
array(
'ssl'=>array(
'local_cert'=> dirname(__FILE__).'/cert.pem',
'passphrase' => dirname(__FILE__).'/key.pem',
)
)
);
$greeting = $client->connect($host, $port, $timeout, $ssl, $context);
echo $greeting;
I am getting following error... 我遇到以下错误...
Warning: stream_socket_client(): Unable to set private key file
And before you ask key.pem
starts with -----BEGIN RSA PRIVATE KEY-----
and cert.pem
starts with -----BEGIN CERTIFICATE-----
在您询问
key.pem
以-----BEGIN RSA PRIVATE KEY-----
开头和cert.pem
以-----BEGIN CERTIFICATE-----
开头
However i can connect using... 但是我可以使用...连接
openssl s_client -connect epp.dom.net:700 -key key.pem -cert cert.pem -CApath /etc/ssl/certs/
This command shows connected, so does that mean my certificates are fine? 此命令显示已连接,这是否意味着我的证书很好?
Please someone help me to fix this. 请有人帮我解决这个问题。 Please
请
Thank You. 谢谢。
According to the PHP documentation , the private key must be specified in the local_pk
stream context option. 根据PHP文档 ,必须在
local_pk
流上下文选项中指定local_pk
。 The passphrase
option (which you are currently using) is necessary when the private key file itself was encrypted with a passphrase: 当私钥文件本身使用密码短语加密时,必须使用
passphrase
选项(当前正在使用):
local_pk
stringlocal_pk
字符串Path to local private key file on filesystem in case of separate files for certificate (local_cert) and private key.
如果证书(local_cert)和私钥使用单独的文件,则文件系统上本地私钥文件的路径。
passphrase
stringpassphrase
字符串Passphrase with which your local_cert file was encoded.
用来编码local_cert文件的密码。
This means your stream context should be initialized like this: 这意味着您的流上下文应该像这样初始化:
$context = stream_context_create(array(
'ssl' => array(
'local_cert' => dirname(__FILE__) . '/cert.pem',
'local_pk' => dirname(__FILE__) . '/key.pem',
)
));
Alternatively, you can also concatenate certificate and private key into one file and use the local_cert
option only (plus a passphrase
option if -- and only if -- your private key is encrypted with a passphrase). 或者,您也可以将证书和私钥连接到一个文件中,并仅使用
local_cert
选项(如果且仅当您的私钥使用密码加密时,再加上passphrase
选项)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.