
php socket: using Symantec certificate without a private key

I'm developing a php client to interact with Nominet EPP server, and as I found in their web site: http://registrars.nominet.uk/namespace/uk/registration-and-domain-management/registrar-systems/epp/registration

I need to use a "Verisign Class 3 Public Primary Certification Authority" root certificate. I found one here (Verisign was bought by Symantec): https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&id=SO5624&actp=LIST&viewlocale=en_US

When I use it in my php code:

//$context = stream_context_create(array($this->protocol => $options));
$context = stream_context_create();
stream_context_set_option($context, $this->protocol, 'local_cert', __DIR__ . '/../../certificates/'.$this->certificate_path);

$errno = false;
$errstr = false;
$this->socket = stream_socket_client($this->protocol.'://'.$this->hostname.':'.$this->port, $errno, $errstr, 5 , STREAM_CLIENT_CONNECT, $context);

Everything is ok: path of certificate, port, hostname ... And I get:

"stream_socket_client(): Unable to set private key file ..."

I know I need a private key, but on the Symantec website they don't give a private key.

Does anyone have any idea?

Thanks so much,

Hassan,

You are not using the right context option. This option is to define your certificate. What you want is to use the certificate you found to authenticate the peer server, to make sure you are really talking to the right one.

As stated by this:

In order to verify the identity of the secure server you will need the 'Verisign Class 3 Public Primary Certification Authority' root certificate available free from www.verisign.com (the certificate is also distributed with most web browsers).

On PHP Doc:

local_cert

string Path to local certificate file on filesystem. It must be a PEM encoded file which contains your certificate and private key.

But what you want is this:

cafile

Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.
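An added example, not part of the original answer: the root certificate is passed as cafile with peer verification enabled, so no private key is needed. The function name connectVerified, the host epp.example.test and the CA file path are placeholders assumed for illustration; 700 is the registered EPP port.

```php
<?php
// Added example: authenticate the server against a CA file (trust anchor).
// No 'local_cert' is set, so PHP never looks for a private key.

function connectVerified(string $host, int $port, string $caFile, float $timeout = 5.0)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // Options for both ssl:// and tls:// transports are read from the 'ssl' key.
    $context = stream_context_create([
        'ssl' => [
            'cafile'            => $caFile, // root used to validate the server's chain
            'verify_peer'       => true,    // reject chains that do not lead to cafile
            'verify_peer_name'  => true,    // certificate must match the host name
            'peer_name'         => $host,
            'allow_self_signed' => false,
            'capture_peer_cert' => true,    // keep the server certificate for inspection
        ],
    ]);

    $errno = 0;
    $errstr = '';
    $socket = @stream_socket_client("tls://$host:$port", $errno, $errstr,
        $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        // Verification failures often leave $errstr empty; the warning has the detail.
        $detail = $errstr !== '' ? $errstr : (error_get_last()['message'] ?? 'unknown error');
        throw new RuntimeException("TLS connect/verify failed ($errno): $detail");
    }
    return $socket;
}

try {
    // Placeholder host and path (assumptions, not values from the page).
    $socket = connectVerified('epp.example.test', 700, __DIR__ . '/certificates/ca-root.pem');
    $params = stream_context_get_params($socket);
    $cert = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    echo 'Verified peer: ', $cert['subject']['CN'] ?? '(no CN)', PHP_EOL;
    fclose($socket);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
}
```

local_cert (with its private key) only comes into play when the server asks the client to present its own certificate.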
