[英]PDO with self signed certificates
I'm still tryin to connect with PDO to a remote MySQL database. 我仍在尝试将PDO连接到远程MySQL数据库。 Customer provide self signed certificates, client-key.pem
and client-cert.pem
. 客户提供自签名证书client-key.pem
和client-cert.pem
。 Certificates are good, I can connect to remote db using mysql client. 证书很好,我可以使用mysql客户端连接到远程数据库。 This is where I instantiate a PDO object to connect to db. 这是我实例化PDO对象以连接到db的地方。
pdoDb = new PDO(
'mysql:host=customer_host_name;dbname=customer_db_name',
'my_username',
'my_password',
array(
PDO::MYSQL_ATTR_SSL_KEY=>'C:/Apache24/htdocs/CLIENT/lib/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT=>'C:/Apache24/htdocs/CLIENT/lib/client-cert.pem'
));
I'm getting this error when I instantiate PDO object: 实例化PDO对象时出现此错误:
Warning: PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in C:\Apache24\htdocs\CUSTOMER\lib\database.php on line 17
I think code was correct but I'm newbie to PHP. 我认为代码是正确的,但是我是PHP的新手。
Update Pardon me. 更新原谅我。 I forgot to mention that I didn't specify a value for MYSQL_ATTR_SSL_CA
because customer doesn't give me one. 我忘记提及我没有为MYSQL_ATTR_SSL_CA
指定值,因为客户没有给我一个值。 Sorry. 抱歉。 Is MYSQL_ATTR_SSL_CA
mandatory to PDO
(or mysqli
)? MYSQL_ATTR_SSL_CA
是否对PDO
(或mysqli
)强制?
When generating your certificates you have to use the right "Common Name" for each one: 生成证书时,必须为每个证书使用正确的“通用名称”:
CA: hostname
Server: FQDN, e.g. hostname.example.com
Client: somename
The important part is the server certificate where the Common Name has to be the same as the host you are connecting to, eg hostname.example.com. 重要的部分是服务器证书,其中“通用名”必须与您要连接的主机相同,例如hostname.example.com。
$pdoDb = new PDO(
'mysql:host=customer_host_name;dbname=customer_db_name',
'my_username',
'my_password',
array(
PDO::MYSQL_ATTR_SSL_KEY => 'C:/Apache24/htdocs/CLIENT/lib/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT => 'C:/Apache24/htdocs/CLIENT/lib/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA => 'C:/Apache24/htdocs/CLIENT/lib/ca-cert.pem',
PDO::MYSQL_ATTR_SSL_CIPHER => 'CAMELLIA128-SHA'
)
);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.