Error using ssl cert with PHP

I am new to PHP and I am getting this error trying to load a cert:

jameys-macbookpro41:~ user$ php -f ~/Sites/providerService.php

Warning: stream_socket_client(): Unable to set local cert chain file `cert.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /Users/jamey/Sites/providerService.php on line 27

cert.pem is in the same folder as the PHP file. The file cert.pem was created in the Apple keychain tool.

class pushNotifications {
     // ...
     private $sslPem = 'cert.pem';
     // ...
     function connectToAPNS(){
          $streamContext = stream_context_create();
          stream_context_set_option($streamContext, 'ssl',
             'local_cert', $this->sslPem);
          // ...
     }
}

Thanks for any help!

You are getting an error because it's trying to find your cert.pem file in the directory you are running the script from, not the directory the script is in. In your example, it is your user directory "~".

Try changing your class to this, or something similar:

class pushNotifications {
     // ...
     private $sslPem = 'cert.pem';
     // ...
     function connectToAPNS(){
          $streamContext = stream_context_create();
          // Build the path from the script's own directory, not the working directory
          stream_context_set_option($streamContext, 'ssl', 'local_cert', dirname(__FILE__) . '/' . $this->sslPem);
          // ...
     }
}

I was having this issue as well, it turns out that for some reason my private key didn't match the one associated with the aps_developer_identity.cer I had...

I ended up clearing all of my public and private keys from my 'login' keychain item, then I started the entire process over again (Generated the request)... I submitted the new request file on the program portal and generated a new certificate, downloaded, and installed it by double-clicking it (developer_identity.cer). Then, I reset the provisioning profiles to use the new Push SSL certs, downloaded those, and installed them by double-clicking (aps_developer_identity.cer). Finally, I reset the provisioning profile and downloaded the new one. I cleared out the old one in the Xcode Organizer, and installed the new one. Finally, I exported my 'private' key as key.p12 and my aps_developer_identity.cer as apsdi.p12, and ran the following commands against them:

openssl pkcs12 -clcerts -nokeys -out apsdi.pem -in apsdi.p12
openssl pkcs12 -nocerts -out key.pem -in key.p12

If you're okay using a passphrase (recommended for production):

cat apsdi.pem key.pem > cert.pem

If you wish to use a 'blank' passphrase, you'll need to unencrypt your private key first, using the password you specified when you converted it to pem format:

openssl rsa -in key.pem -out key.unencrypted.pem

And then cat the cert and unencrypted key into apns.pem (or whatever filename you have chosen):

cat apsdi.pem key.unencrypted.pem > apns.pem

It's very important that you export your aps_developer_identity certificate, not your developer_identity certificate as apsdi.pem.

If you can expand your developer_identity.cer and aps_developer_identity.cer entries in Keychain Access, and you see a 'private' key when you do, everything should work.

As a complementary tip, for anyone having the same issue: when exporting the private key from Apple's keychain access, and converting to .pem, SPECIFY A PASSWORD.

For some reason, it seems leaving a blank password in one of the exports removes the private key, thus the final .pem is not complete.

So put a dummy password, even if you later remove it using openssl.
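Both failure modes described in the answers above (a private key that does not belong to the certificate, and a final .pem that has lost its private key) can be checked before PHP is pointed at the file. The script below is an added example, not code from any of the posts; the function name `check_pem` and the `PEM_PASS` environment variable are names chosen for this illustration.

```shell
#!/bin/sh
# check_pem FILE
# Sanity-check a combined "certificate + private key" PEM bundle.
# PEM_PASS (a name chosen for this example) may hold the key's passphrase.
# Return codes: 0 ok, 1 unreadable, 2 no usable certificate,
#               3 no private key block, 4 key cannot be read,
#               5 key and certificate do not belong together.
check_pem() {
    pem=$1
    if [ ! -r "$pem" ]; then
        # A relative path is resolved against the working directory shown here.
        echo "$pem: not readable as $(id -un) from $(pwd)" >&2
        return 1
    fi
    # Certificate half, as written by "openssl pkcs12 -clcerts -nokeys".
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || {
        echo "$pem: no certificate found" >&2; return 2; }
    # Key half: a bundle built from an export that lost the key stops here.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || {
        echo "$pem: no private key block" >&2; return 3; }
    # The passphrase is taken from the environment, not from argv,
    # so it does not show up in the process list.
    key_pub=$(PEM_PASS="${PEM_PASS-}" openssl pkey -in "$pem" \
                  -passin env:PEM_PASS -pubout 2>/dev/null) || {
        echo "$pem: private key unreadable (wrong or missing passphrase?)" >&2
        return 4; }
    # Both commands print the public key in the same PEM form;
    # a matching pair produces identical output.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "$pem: private key does not belong to this certificate" >&2
        return 5; }
    return 0
}

# Usage: sh check_pem.sh cert.pem
if [ "$#" -gt 0 ]; then check_pem "$1"; fi
```

Run it as the same user and from the same directory as the PHP script, since both affect whether the file can be opened.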

Just change the owner to www-data. It will work :)

sudo chown www-data.www-data ck.pem

default user of apache www-data

Notes for the future (after having a big headache because of all of this):

  1. If you get the handshake error - the pem file you created is probably wrong.
     a. Make sure the file is in the same directory as the php you are trying to run.
     b. Export the certificate p12 file AND the key under it in the keychain access utility. Both of these files will be the SAME size, but they ARE different.
     c. Do the above "openssl" commands in the macintosh terminal.
  2. Currently, all I can do is run the php as sudo, because of the chmod 400 for ck.pem. Something got to give...

btw, the message "Failed to enable crypto" will disappear when the system runs correctly.
