[英]PayPal: Peer certificate cannot be authenticated with known CA certificates
Hi suddely I start to get this error curl_error: Peer certificate cannot be authenticated with known CA certificates on paypal transactions on my site.嗨,突然间,我开始收到此错误 curl_error: Peer certificate cannot be authentication with known CA 证书在我网站上的 paypal 交易中。 The certificate name is VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt and seem to be valid and seem to be an Intermediate Certificate.证书名称是 VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt 并且似乎有效并且似乎是中间证书。 The code is the following but it workd for years.代码如下,但它工作了多年。
curl_setopt($conn, CURLOPT_HEADER, 0);
curl_setopt($conn, CURLOPT_NOBODY, 0);
curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($conn, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($conn, CURLOPT_CAINFO, getcwd() . "/CAcerts/VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt");
curl_setopt($conn, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($conn, CURLOPT_PROXYTYPE, "CURLPROXY_HTTP");
curl_setopt($conn, CURLOPT_PROXYAUTH, "CURLAUTH_BASIC");
curl_setopt($conn, CURLOPT_POST, 1);
curl_setopt($conn, CURLOPT_POSTFIELDS, $postString);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
The site is on a simple hosting and there is no ssh.该站点位于一个简单的主机上,没有 ssh。 What should I do?我该怎么办? Should I insltall a new certificate?我应该安装新证书吗? If so what certificate and what is the correct procedure?如果是这样,什么证书以及正确的程序是什么?
The file /CAcerts/VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt is out of date.文件 /CAcerts/VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt 已过期。
Update to one that is able to verify the issuer of the certificate of the PayPal server you are connecting to.更新到能够验证您所连接的 PayPal 服务器证书的颁发者。
You can download an updated bundle of Certificate Authorities here: https://curl.haxx.se/docs/caextract.html您可以在此处下载更新的证书颁发机构包: https : //curl.haxx.se/docs/caextract.html
Put that .pem file somewhere like /CAcerts/, and change your path to point to it.将该 .pem 文件放在 /CAcerts/ 之类的地方,然后更改您的路径以指向它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.