
How do I add a Certificate Authority to PHP so the file() function trusts certificates signed by it?

I need to open remote resources that are signed by a private company's Certificate Authority. Right now, PHP won't open the resources because it doesn't trust the certificate signer.

I know you can do certificates with the stream context object, but I'm looking for a way to give PHP the public key of a new Certificate Authority and have the file() and similar methods trust remote certificates signed by that authority without having to create a stream context each time.

Is there a way to add a new Certificate Authority to php.ini? I tried adding the CA's public key to /etc/ssl/certs/, but it doesn't seem to be recognized.

Curl uses a single file with all of the CAs in it. To add a new CA to Curl/PHP, you need to get a complete bundle, add your cert to the bundle, then tell PHP to use the custom bundle.

  1. Download the latest bundle from CURL and save it to /etc/ssl/certs/cacert.pem:

curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem

  2. Edit the /etc/ssl/certs/cacert.pem file, and add your new CA public key to the bottom.

  3. Edit php.ini and add the line openssl.cafile=/etc/ssl/certs/cacert.pem to the top (or bottom).

  4. Restart the webserver.

Here is how I did it:

1- I downloaded the cacert.pem from https://curl.se/docs/caextract.html

2- I copied the cert to /usr/local/etc/ssl/certs/cacert.pem

3- I added this line to the php.ini: openssl.cafile = "/usr/local/etc/ssl/certs/cacert.pem" and, for curl support, this line: curl.cainfo = "/usr/local/etc/ssl/certs/cacert.pem"

4- Restart the server and done.

I figured out the following steps:

Find your php.ini with:

php -i | grep "Loaded Configuration File"

Inside php.ini, verify/specify the path to the certs:

curl.cainfo =/your/path/cacert.pem
openssl.cafile=/your/path/cacert.pem

And the trickiest part:

If you need a custom certificate to be added, append it to /your/path/cacert.pem. It looks like this:

-----BEGIN CERTIFICATE-----
BLABLABLABLABLABLABLABLABLA
BLABLABLABLABLABLABLABLABLA
-----END CERTIFICATE-----

I didn't have to restart anything in my case (only the php script itself), but I guess it depends.
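The first and third answers both describe the same manual procedure: append the company CA's PEM block to the bundle that openssl.cafile / curl.cainfo point at. The script below is an added example (not code from any of the answers above) that does that append with two checks the answers skip: it refuses anything that is not a single PEM CERTIFICATE block (in particular a private key pasted by mistake), and it is idempotent, so running it twice does not duplicate the entry. The bundle path and the --add flag are assumptions; set BUNDLE to whatever your php.ini uses, and the certificate in the test is a constructed placeholder, not a real CA.

```shell
#!/bin/sh
# Added example: safely append one CA certificate to the PEM bundle PHP trusts.
# BUNDLE is an assumed default; it must match openssl.cafile in your php.ini.
BUNDLE="${BUNDLE:-/etc/ssl/certs/cacert.pem}"

# pem_is_cert FILE -> 0 if FILE is a single PEM certificate block, 1 otherwise.
pem_is_cert() {
    f="$1"
    [ -s "$f" ] || return 1
    # A private key never belongs in a trust bundle; refuse it outright.
    if grep -q 'PRIVATE KEY' "$f"; then
        return 1
    fi
    [ "$(head -n 1 "$f")" = "-----BEGIN CERTIFICATE-----" ] || return 1
    [ "$(tail -n 1 "$f")" = "-----END CERTIFICATE-----" ] || return 1
    # At least one base64 body line between the two markers.
    [ "$(wc -l < "$f" | tr -d ' ')" -ge 3 ] || return 1
    return 0
}

# bundle_contains BUNDLE CAFILE -> 0 if the exact block is already in BUNDLE.
# Both files are flattened so line wrapping and CRLF endings do not matter.
bundle_contains() {
    bundle_flat="$(tr -d '\r\n' < "$1")"
    ca_flat="$(tr -d '\r\n' < "$2")"
    case "$bundle_flat" in
        *"$ca_flat"*) return 0 ;;
        *) return 1 ;;
    esac
}

# add_ca BUNDLE CAFILE -> appends CAFILE to BUNDLE once; reports what it did.
add_ca() {
    bundle="$1"
    ca="$2"
    pem_is_cert "$ca" || {
        echo "refusing: $ca is not a single PEM certificate block" >&2
        return 2
    }
    if [ -f "$bundle" ] && bundle_contains "$bundle" "$ca"; then
        echo "already present: $ca"
        return 0
    fi
    # If the bundle does not end with a newline, add one so the new
    # BEGIN marker starts on its own line (otherwise OpenSSL ignores it).
    if [ -s "$bundle" ] && [ -n "$(tail -c 1 "$bundle")" ]; then
        printf '\n' >> "$bundle"
    fi
    cat "$ca" >> "$bundle"
    echo "appended: $ca"
}

# Usage: BUNDLE=/your/path/cacert.pem sh add-ca.sh --add company-ca.pem
# Afterwards confirm PHP actually points at that bundle (answer 3's check).
if [ "${1:-}" = "--add" ] && [ -n "${2:-}" ]; then
    add_ca "$BUNDLE" "$2" || exit $?
    if command -v php >/dev/null 2>&1; then
        php -r 'echo "openssl.cafile=", ini_get("openssl.cafile"), "\n";'
    fi
fi
```

The containment check compares the whole PEM block rather than a fingerprint, so it needs no openssl binary and works on any POSIX sh; if openssl is available, `openssl x509 -in company-ca.pem -noout -subject -fingerprint -sha256` before running the script is a sensible extra sanity check that the file is the CA you expect.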
