无法使用客户端证书(找不到密钥或密码错误?)
[英]unable to use client certificate(no key found or wrong pass phrase?)
问题描述
I am trying to make a SOAP call to a server using CURL as belows. 
我正在尝试使用CURL对服务器进行SOAP调用,如下所示。
The Requirement is 要求是
We need to pass the ssl certificate and pass the Username and Password
$ssl = "ssl_file_relative_address.pem";
$pub_ssl_password = 'mynameiskhan';
//Get the data
$data = the_data_xml.xml;
//Get the WSDL Address
$wsdl = "address/to/wsdl?parameter=value";
$soapUser = "Username"; // username
$soapPassword = "password"; // password
$options = [
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_FOLLOWLOCATION => TRUE,
CURLOPT_SSL_VERIFYHOST => FALSE,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_URL => $wsdl,
CURLOPT_SSLCERT => $ssl,
//CURLOPT_SSLCERTPASSWD => $pub_ssl_password,
CURLOPT_USERPWD => $soapUser.":".$soapPassword,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC
];
$ch = curl_init();
curl_setopt_array($ch , $options);
$response = curl_exec($ch);
//curl_close($ch);
if (curl_errno($ch)) {
print curl_error($ch);
}
I'm getting the following Error from CURL : unable to use client certificate (no key found or wrong pass phrase?) 我从CURL中收到以下错误:无法使用客户端证书(找不到密钥或密码短语错误?)
What is it that I'm doing Wrong... 我做错了什么...
2 个解决方案
解决方案1
1 已采纳 2016-03-03 12:01:37
Found the Solution. 找到了解决方案。 It required an intermediate CA Certificate. 它需要一个中间的CA证书。
The Solution is 解决方案是
$options = [
CURLOPT_HTTPHEADER => ['Content-type: application/json'],
CURLOPT_URL => 'https://address/to/service?param=value',
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_CAINFO => getcwd()."\cacert.pem",
URLOPT_SSLCERT => getcwd().'\cert.pem',
CURLOPT_SSLCERTPASSWD => 'ssl_password',
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_USERPWD => $soapUser.":".$soapPassword,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => $data
];
$ch = curl_init();
curl_setopt_array($ch , $options);
$response = curl_exec($ch);
if (curl_errno($ch)) {
print curl_error($ch);
}else{
print_r($response);
}
curl_close($ch);
Do not forget to mention the CURLOPT_HTTPHEADER to its content type, it is important. 不要忘记在其内容类型中提及CURLOPT_HTTPHEADER,这一点很重要。
Also download the intermediate certificate from https://curl.haxx.se/ca/cacert.pem . 还可以从https://curl.haxx.se/ca/cacert.pem下载中间证书。 It contains all the valid CA's. 它包含所有有效的CA。
Thanks @drew010 for help. 感谢@ drew010的帮助。
解决方案2
0 2016-03-01 20:12:44
When you specify a client authentication certificate using CURLOPT_SSLCERT , the PEM file should contain a -----BEGIN CERTIFICATE----- line followed by the certificate. 当使用CURLOPT_SSLCERT指定客户端身份验证证书CURLOPT_SSLCERT ,PEM文件应包含-----BEGIN CERTIFICATE-----行以及证书。
You also need to supply cURL with the corresponding private key to the certificate using CURLOPT_SSLKEY which is a file beginning with -----BEGIN PRIVATE KEY----- . 您还需要使用CURLOPT_SSLKEY向cURL提供证书的相应私钥, CURLOPT_SSLKEY是一个以-----BEGIN PRIVATE KEY-----开头的文件。
If the private key is in ssl_file_relative_address.pem , then try copying the private key to a separate file. 如果私钥位于ssl_file_relative_address.pem ,则尝试将私钥复制到单独的文件中。
If the private key is encrypted, you can specify the password using CURLOPT_SSLKEYPASSWD . 如果私钥已加密,则可以使用CURLOPT_SSLKEYPASSWD指定密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.