php socket: using Symantec certificate without a private key

I'm developing a php client to interact with Nominet EPP server, and as I found on their web site: http://registrars.nominet.uk/namespace/uk/registration-and-domain-management/registrar-systems/epp/registration

I need to use a "Verisign Class 3 Public Primary Certification Authority" root certificate. I found one here (Verisign was bought by Symantec): https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&id=SO5624&actp=LIST&viewlocale=en_US

When I use it in my php code:

//$context = stream_context_create(array($this->protocol => $options));
$context = stream_context_create();
stream_context_set_option($context, $this->protocol, 'local_cert', __DIR__ . '/../../certificates/'.$this->certificate_path);

$errno = false;
$errstr = false;
$this->socket = stream_socket_client($this->protocol.'://'.$this->hostname.':'.$this->port, $errno, $errstr, 5 , STREAM_CLIENT_CONNECT, $context);

Everything is ok: path of certificate, port, hostname ... And I get:

"stream_socket_client(): Unable to set private key file ..."

I know I need a private key, but on the Symantec website they don't give a private key.

Does anyone have any idea?

Thanks so much,

Hassan

You are not using the right context option. This option is to define your certificate. What you want is to use the certificate you found to authenticate the peer server, to make sure you are really talking to the right one.

As stated by this:

In order to verify the identity of the secure server you will need the 'Verisign Class 3 Public Primary Certification Authority' root certificate available free from www.verisign.com (the certificate is also distributed with most web browsers).

On PHP Doc:

local_cert

string Path to local certificate file on filesystem. It must be a PEM encoded file which contains your certificate and private key.

But what you want is this:

cafile

Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.
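
The distinction drawn in the answer above, shown as an added PHP example that is not part of the original question or answer: the downloaded root certificate goes in `cafile` together with `verify_peer`, while `local_cert` is set only when you have your own client certificate and key. The function name `openVerifiedTlsSocket`, the host `epp.example.test`, port `700` and the file paths are placeholders assumed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumption: host, port and file paths are placeholders supplied by the caller.

function openVerifiedTlsSocket(string $host, int $port, string $caFile, ?string $clientPem = null)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    // A CA file holds public certificates only; it never needs a private key.
    $pem = file_get_contents($caFile);
    if (strpos($pem, '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException('CA file is not PEM encoded');
    }

    $ssl = [
        'cafile'            => $caFile, // trust anchor used to verify the server
        'verify_peer'       => true,    // reject chains not rooted in cafile
        'verify_peer_name'  => true,    // certificate must match the host name
        'peer_name'         => $host,
        'allow_self_signed' => false,
    ];
    // local_cert is only for presenting your own client certificate; that PEM
    // file must contain both the certificate and its private key.
    if ($clientPem !== null) {
        $ssl['local_cert'] = $clientPem;
    }

    // Options for both ssl:// and tls:// transports are read from the 'ssl' key.
    $context = stream_context_create(['ssl' => $ssl]);

    $errno = 0;
    $errstr = '';
    $socket = stream_socket_client("tls://$host:$port", $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        throw new RuntimeException("TLS connect failed ($errno): $errstr");
    }
    return $socket;
}

// Placeholder endpoint; substitute the registry's documented host and port.
// $socket = openVerifiedTlsSocket('epp.example.test', 700, __DIR__ . '/ca/root.pem');
```

With verification enabled, a connection failure at this point means the server's chain does not lead to the certificate in `cafile`, which is the check the root certificate exists to perform.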
