卷曲错误:无法加载 PEM 客户端证书
[英]Curl Error: could not load PEM client certificate
问题描述
I'm trying to send a GET request using PHP curl by passing a certificate
我正在尝试通过传递证书使用 PHP curl 发送 GET 请求
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_POST, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
$pemFile = tmpfile();
fwrite($pemFile, "demo-cert.p12");//the path for the pem file
$tempPemPath = stream_get_meta_data($pemFile);
$tempPemPath = $tempPemPath['uri'];
curl_setopt($ch, CURLOPT_SSLCERT, $tempPemPath);
$result = curl_exec($ch);
if(!$result)
{
echo "Curl Error: " . curl_error($ch);
}
else
{
echo "Success: ". $result;
}
But don't know how to pass the "password" so I get this error但不知道如何传递“密码”所以我收到这个错误
Curl Error: could not load PEM client certificate, OpenSSL error error:0906D06C:PEM
routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)
[update] [更新]
Changed demo-cert.p12 to demo-cert.pem which exists with the php file but still getting the same issue because no password sent.将 demo-cert.p12 更改为 demo-cert.pem,它存在于 php 文件中,但由于未发送密码,仍然遇到相同的问题。 The certificate folder contains other 2 files: demo-combined.pem and demo-key.pem but first need to send the password.证书文件夹包含其他 2 个文件:demo-combined.pem 和 demo-key.pem,但首先需要发送密码。
[update2] [更新2]
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_POST, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSLCERT, 'demo-key.pem');
curl_setopt($ch, CURLOPT_SSLKEY, 'demo-cert.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'pass');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'pass');
These files are stored with the PHP file in the same directory.这些文件与 PHP 文件存储在同一目录中。 Still getting the same error仍然得到同样的错误
[update 3] [更新3]
How to edit the code to send the server certificate as well?如何编辑代码以发送服务器证书?
curl --show-error --verbose --cacert server-cert.pem --cert cert2.pem curl --show-error --verbose --cacert server-cert.pem --cert cert2.pem
curl_setopt($ch, CURLOPT_SSLCERT, 'demo-cert.pem');
curl_setopt($ch, CURLOPT_SSLKEY, 'demo-key.pem');
The result is:结果是:
Success: SOAP-ENV:ClientData required for operation
Not returning XML data as did while opening the same URL in the browser.不像在浏览器中打开相同的 URL 那样返回 XML 数据。 Anything wrong yet?有什么问题吗?
2 个解决方案
解决方案1
2 2018-06-14 14:47:37
First changed "CURLOPT_POST" from True to False.首先将“CURLOPT_POST”从 True 更改为 False。 Second exchanged "CURLOPT_SSLCERT" value with "CURLOPT_SSLKEY" value to send the correct certificate and key file names Thanks to @vstm and now I get the correct result.第二次交换“CURLOPT_SSLCERT”值与“CURLOPT_SSLKEY”值以发送正确的证书和密钥文件名感谢@vstm,现在我得到了正确的结果。
Thank you all.谢谢你们。
解决方案2
1 2019-06-25 16:54:29
Since you are using the filename - Try an absolute path.由于您使用的是文件名 - 尝试使用绝对路径。 You don't need both the key and Cert to be converted to PEM.您不需要将密钥和证书都转换为 PEM。 Just use the Single .PEM file that has both the certificate and key.只需使用具有证书和密钥的单个 .PEM 文件即可。
eg例如
curl_setopt($ch, CURLOPT_SSLCERT, 'c:/wamp64/www/bit-tool/www/testcert.pem');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.