![](/img/trans.png)
[英]curl “Peer's public key is invalid.” unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
[英]cURL 58 error Unable to load client key -8178
在这里输入代码我正在尝试建立我的第一个ssl连接,但是我无法查明错误代码58无法加载的原因。
我正在使用php curl来测试连接,这里是代码的使用
$port = "443";
$cert = getcwd() . "/controllers/ssl/certificate.pem";
$testxml = "testset/npsLv01.xml";
$headers = array(
'Content-Type: text/xml; charset="utf-8"',
'Content-Length: '.strlen($testxml),
'Accept: text/xml',
'Cache-Control: no-cache',
'Pragma: no-cache',
'SOAPAction: "Send"'
);
try {
$ch = curl_init($testurl);
if (FALSE === $ch)
throw new Exception('failed to initialize');
//curl opties om ssl verbinding op te zetten
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_SSLCERT, $cert);
curl_setopt($ch, CURLOPT_PORT, $port);
//post data afhandeling
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $testxml);
//headers voor het verwerken van de post
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
//timeout settings
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
//trying stuff out
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_CERTINFO, true);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
//exec de request
$data = curl_exec($ch);
if (FALSE === $data)
throw new Exception(curl_error($ch), curl_errno($ch));
} catch(Exception $e) {
echo 'error code = ';
echo $e->getCode();
echo " error message = ";
echo $e->getMessage();
die;
}
var_dump($data); die;
当执行此代码时,我得到以下错误:错误代码= 58错误消息=无法加载客户端密钥-8178
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIDAPQqMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNDEyMDcyMTIwNTNaFw0xNzEyMTAwMTUxMTdaMIGYMRMw
EQYDVQQLEwpHVDE2MDYzMTM0MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE0MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEdMBsGA1UEAwwUKi5panNzZWxnZW1lZW50
ZW4ubmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDerCdu0VgKjUQL
PSls9zxw5i3J2k7w2Z537S2giNdLl53SDr2zLmiCQgqVju3G8QyoYA0f1lJV9z8J
HDI+awmBnj4IM/0GcnMxN7EMdymjAvfcyNu80mCOkaVZAGf0HTHj3ZUNeiu4PxSi
mdlCHKWhS0DkhuqEnZ2WCa8giTu1F72KyqqKzlo5wLTBlWblRhAZn6ohObSdPTkz
iXSMmom8fihPiz/ilpQtJxVs7wYXhpQRKw1rlWCeK/EERQUI3YhJh4iJexhP3JCm
/jLPcFIpCbCHmh4o82vr1oH8g1+T2k9DrvarG9mDf2ueMtCxURdcT6UBB/d2ioDJ
JKIMSSLPAgMBAAGjggFkMIIBYDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz
4gjLWTBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1j
ZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMwYD
VR0RBCwwKoIUKi5panNzZWxnZW1lZW50ZW4ubmyCEmlqc3NlbGdlbWVlbnRlbi5u
bDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAM
BgNVHRMBAf8EAjAAMEUGA1UdIAQ+MDwwOgYKYIZIAYb4RQEHNjAsMCoGCCsGAQUF
BwIBFh5odHRwczovL3d3dy5yYXBpZHNzbC5jb20vbGVnYWwwDQYJKoZIhvcNAQEL
BQADggEBAEZbL3L9VLuhrGSsVkWT6KYEQEj73oofh/+wQRRjVR/yjHniGIiVxZG1
uQGpHf5G+ap2BxSucLuJNfLcKszS54NTdFNJk4o/N2fsGIRvd1ts+SWg2fdt9BnH
4hvMBXQCBB2FQDIro3lR7JFWF3KIcCReVog84/JShibTJjwpDRFbkzGsnJ8ERUhv
4ZQ8HimOQkqIXMS61YxgpwfB+lb77cxu73tON2HMolabgdkpnJ9ixX1O5siI65lp
3xiHN3o9sJ33V4Q0mBhOBOqAZCvaJ/rY91ESBTIqZYZ4foBHwiYCLTVCvRCjGYjA
VO/CgSlN0WHRrHw6pxwtf3qcYAp67No=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
gP8L8mJMcCal
-----END CERTIFICATE-----
通过将CURLOPT_SSLCERT
为/controllers/ssl/certificate.pem
您可以将此文件设置为客户端用来对服务器进行身份验证的证书。 在这种情况下,证书需要随附与服务器中的公钥匹配的私钥。 但是,事实并非如此,这就是为什么出现错误“无法加载客户端密钥”的原因 。
用证书文件的内容编辑问题之后,似乎对文件的用途有误解。 该文件包含两个证书,其中第二个是公用名称为*.ijsselgemeenten.nl
的服务器的叶证书,而第一个是颁发此证书RapidSSL SHA256 CA - G3
的子CA的证书。 我的猜测是这些不应该用作客户端证书,但这是客户端应该期望的服务器证书。
在这种情况下:
CURLOPT_SSL_VERIFYPEER
不应设置为false,因为应验证服务器 CURLOPT_SSLCERT
因为不应使用客户端证书进行身份验证 今天,我解决了相同的问题,并且想分享一个解决方案,它可能对某人有用。
我被发送了certfile.p12来发出ssl请求。 我通过openssl实用程序将文件提取到public.pem和privatekey.pem 。 在我的本地计算机Mac OS和Windows上,代码运行良好。
// Works great on Mac OS and Windows
$data = [
'field1' => 'demo1',
'field2' => 'demo2',
'field3' => 'demo3'
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/public.pem');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd() . '/cert/privatekey.pem');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
$response = curl_exec($ch);
curl_close($ch);
但是在CentOS 7上,我开始收到错误消息“ cURL 58错误,无法加载客户端密钥-8178” ,事实证明Mac OS和CentOS与curl SSL验证的工作方式不同
我的解决方案:
在这种情况下,我使用openssl将certfile.p12提取到一个文件中:
openssl pkcs12 -in certfile.p12 -out keys.pem -nodes
并很少将php代码更改为:
// Works great on Mac OS, Windows and CentOS 7 by my testing
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/keys.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
它起作用了:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.