
CURL error: SSL certificate error: self signed certificate in certificate chain

I am getting the above error unless I set the following:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

which is insecure and defeats the purpose of SSL.

I have downloaded the most recent cacert.pem certificate from https://curl.haxx.se/ca/cacert.pem .

I have set the following in php.ini and restarted Apache.

curl.cainfo = /etc/ssl/cacert.pem

Which produced the same error. So I tried to set it at runtime with:

curl_setopt($curl,CURLOPT_CAINFO, "/etc/ssl/cacert.pem");

and I am still getting the same error.

In the case of SSL certificates signed by a Certification Authority (CA), the client app (e.g. a browser) verifies the SSL certificate with the CA. The CA tells the client whether it is a trusted server or not.

When you are using self-signed certificates and not using this option

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

you will get an error because your client app will try to verify your self-signed SSL certificate with the Certification Authority, and the CA will give an error because it's a self-signed certificate.

This is the reason we have to use this option to skip the SSL certificate validation step.
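Added example, not part of the question or the answer above: the error means the chain the server presents ends in a self-signed root that is not in the bundle curl is using, so an alternative to switching verification off is to identify that root and add it to the file passed to CURLOPT_CAINFO. The function names, file paths and URL are assumptions, and chain.pem is assumed to be the server's chain saved beforehand in PEM form.

```php
<?php
// Added example. Paths, URL and function names are assumptions.

/** Return every PEM certificate block in $path, or throw if the file is unusable. */
function load_pem_certs(string $path): array
{
    // An unreadable file (wrong path, web-server user lacks permission) is a
    // common reason a CAINFO setting appears to have no effect.
    if (!is_readable($path)) {
        throw new RuntimeException("Cannot read $path");
    }
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($path), $m);
    if ($m[0] === []) {
        throw new RuntimeException("No PEM certificates in $path");
    }
    return $m[0];
}

/** Map chain depth => subject for certificates whose subject equals their issuer. */
function self_signed_in_chain(array $pemCerts): array
{
    $hits = [];
    foreach ($pemCerts as $depth => $pem) {
        $info = openssl_x509_parse($pem);
        if ($info !== false && $info['subject'] == $info['issuer']) {
            $hits[$depth] = $info['name'];
        }
    }
    return $hits;
}

/** GET $url with peer and host verification on, trusting only $bundle. */
function verified_get(string $url, string $bundle): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // keep chain validation on
        CURLOPT_SSL_VERIFYHOST => 2,      // and hostname matching
        CURLOPT_CAINFO         => $bundle,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException(curl_errno($ch) . ': ' . curl_error($ch));
    }
    return $body;
}
```

Calling `self_signed_in_chain(load_pem_certs('chain.pem'))` lists the self-signed certificates the server sends; once such a root has been confirmed out of band as your own CA, append it to a copy of cacert.pem and pass that combined file to `verified_get()`.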
