只能由Apache2 Web服务器上的CURL访问CER证书
[英]Make a CER Certificate accessible only by CURL on Apache2 Web-Server
问题描述
I have created a PHP script that authenticates automatically into a website that needs a client certificate, using CURL. 
我创建了一个PHP脚本,使用CURL自动对需要客户端证书的网站进行身份验证。
The certificate is always on my apache web-server, however it is accessible by typing the link of the certificate. 证书始终在我的Apache Web服务器上,但可以通过键入证书的链接来访问它。 Ex: www.testdomain.com/cert.cer (You can download it typing the link). 例如:www.testdomain.com/cert.cer(你可以下载输入链接)。
This kind of certificate must be private and not accessible just by typing the link. 此类证书必须是私有的,只需键入链接即可访问。 It is just needed to make the authentication, so that the PHP script can perform an action. 只需要进行身份验证,以便PHP脚本可以执行操作。
I am using CURL, PHP and Apache2 Server. 我使用的是CURL,PHP和Apache2 Server。 How can I block the CER certificate, so that only the script can access it? 如何阻止CER证书,以便只有脚本可以访问它? I have already tried to edit permissions, 770 (No Anonymous users), but then is neither accessible by the script. 我已经尝试编辑权限,770(没有匿名用户),但是脚本既不能访问它们。
Please help me! 请帮我! Any suggestion would be appreciated. 任何建议将不胜感激。
1 个解决方案
解决方案1
0 2016-06-03 06:09:56
Yes, it works! 是的,它有效! I have just used the full path. 我刚刚使用了完整的路径。
curl_setopt($ch, CURLOPT_SSLCERT, "/home/ubuntu/cert.cer");
curl_setopt($ch, CURLOPT_SSLKEY, "/home/ubuntu/cert.key");
I didn't think about it, and in fact php can access all the server. 我没有想到它,事实上php可以访问所有服务器。 Thank you 谢谢
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.