
cURL 58 error Unable to load client key -8178

I am trying to build my first SSL connection, however I am unable to pinpoint what the reason is for error code 58 Unable to load.

I am using PHP curl to test the connection; here is the code I use:

$port = "443"; 

        $cert = getcwd() . "/controllers/ssl/certificate.pem";
        $testxml = "testset/npsLv01.xml";

        $headers = array(
            'Content-Type: text/xml; charset="utf-8"',
            'Content-Length: '.strlen($testxml),
            'Accept: text/xml',
            'Cache-Control: no-cache',
            'Pragma: no-cache',
            'SOAPAction: "Send"'
        ); 

        try {
        $ch = curl_init($testurl);

        if (FALSE === $ch)
            throw new Exception('failed to initialize');

        // curl options to set up the SSL connection
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_SSLCERT, $cert);
        curl_setopt($ch, CURLOPT_PORT, $port);


        // POST data handling
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_POSTFIELDS, $testxml);

        // headers for processing the POST
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        //timeout settings
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        //trying stuff out
        curl_setopt($ch, CURLOPT_NOBODY, true);
        curl_setopt($ch, CURLOPT_CERTINFO, true);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // execute the request
        $data = curl_exec($ch);

        if (FALSE === $data)
            throw new Exception(curl_error($ch), curl_errno($ch));

        } catch(Exception $e) {

            echo 'error code = ';
            echo $e->getCode();
            echo " error message = ";
            echo $e->getMessage();
            die;

        }
        var_dump($data); die;

When I exec this code I get the following error: error code = 58 error message = Unable to load client key -8178


By setting CURLOPT_SSLCERT to /controllers/ssl/certificate.pem you set this file up as the certificate the client should use to authenticate itself against the server. In this case the certificate needs to be accompanied with the private key matching the public key in the server. But it doesn't, and that's why you get the error "Unable to load client key".

After the question was edited with the contents of the certificate file it looks like there is a misunderstanding of the purpose of the file. The file consists of two certificates, where the second one is the leaf certificate for a server with a common name of *.ijsselgemeenten.nl while the first one is the certificate for the sub-CA which issued this certificate, RapidSSL SHA256 CA - G3. My guess is that these should not be used as client certificates but that this is the server certificate which should get expected by the client.

In this case:

  • CURLOPT_SSL_VERIFYPEER should not be set to false because the server should be validated
  • CURLOPT_SSLCERT should not be set since no authentication with a client certificate should be done
  • If both server and local CA store are set up properly it should work now. If not (i.e. missing sub-CA at the server) one might try to set CURLOPT_CAINFO to the given file.

Today I solved the same problem and I want to share a solution; it may be useful to someone.

I was sent the certfile.p12 to make SSL requests. I extracted the file with the openssl utility to public.pem and privatekey.pem. On my local machines, Mac OS and Windows, the code worked great.

// Works great on Mac OS and Windows
$data = [
    'field1' => 'demo1',
    'field2' => 'demo2',
    'field3' => 'demo3'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/public.pem');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd() . '/cert/privatekey.pem');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

$response = curl_exec($ch);
curl_close($ch);

But on CentOS 7 I began to get the error "cURL 58 error Unable to load client key -8178". It turned out that Mac OS and CentOS work differently with the curl SSL verification.

My solution:

In this case I extracted the certfile.p12 with openssl to only one file, with this command:

openssl pkcs12 -in certfile.p12 -out keys.pem -nodes

And changed the PHP code a little bit to this:

// Works great on Mac OS, Windows and CentOS 7 by my testing
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/keys.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

And it worked :)
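
Both answers come down to whether the file given to CURLOPT_SSLCERT holds a certificate together with its matching private key. The following preflight check is an added example, not code from either post: `inspect_pem()` is a hypothetical helper, the key and certificate for `client.example.test` are constructed at run time, and it assumes PHP's openssl extension with a usable openssl.cnf.

```php
<?php
// Added example, not code from the posts above. Preflight check for a PEM file
// before it is passed to CURLOPT_SSLCERT: a client identity needs a certificate
// AND the private key that matches it. inspect_pem() is a hypothetical helper.

function inspect_pem(string $pem, string $passphrase = ''): array
{
    // Pull out every certificate block and the first private key block.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $c);
    preg_match('/-----BEGIN ([A-Z ]*)PRIVATE KEY-----.+?-----END \1PRIVATE KEY-----/s', $pem, $k);
    $key = $k ? openssl_pkey_get_private($k[0], $passphrase) : false;

    $identity = null;   // subject CN of the certificate the key belongs to
    $others   = [];     // certificates with no key in this file (CA chain, server cert)
    foreach ($c[0] as $block) {
        $info = openssl_x509_parse($block);
        $name = $info['subject']['CN'] ?? '(no CN)';
        if ($key !== false && openssl_x509_check_private_key($block, $key)) {
            $identity = $name;
        } else {
            $others[] = $name;
        }
    }
    return ['key_loaded' => $key !== false, 'identity' => $identity, 'others' => $others];
}

// Constructed sample data: a throwaway RSA key and self-signed certificate.
$pkey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'client.example.test'], $pkey, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $pkey, 1, ['digest_alg' => 'sha256']), $certPem);
openssl_pkey_export($pkey, $keyPem);

$bundles = [
    'certificates only (like certificate.pem in the question)' => $certPem,
    'certificate + key (like keys.pem from pkcs12 -nodes)'     => $certPem . $keyPem,
];
foreach ($bundles as $label => $pem) {
    $r = inspect_pem($pem);
    echo $label, ': ', $r['identity'] !== null
        ? "usable as CURLOPT_SSLCERT for {$r['identity']}\n"
        : "no matching key; as CURLOPT_SSLCERT this ends in curl error 58\n";
}
```

The -8178 in the error text is the NSS code SEC_ERROR_BAD_KEY; a file that only lists names under `others` belongs in CURLOPT_CAINFO with CURLOPT_SSL_VERIFYPEER left enabled.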
