
cURL 58 error Unable to load client key -8178

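I am trying to set up my first SSL connection, but I can't pinpoint the cause of error code 58 "Unable to load client key".

I am using PHP curl to test the connection; here is the code I use: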

$port = "443"; 

        $cert = getcwd() . "/controllers/ssl/certificate.pem";
        $testxml = "testset/npsLv01.xml";

        $headers = array(
            'Content-Type: text/xml; charset="utf-8"',
            'Content-Length: '.strlen($testxml),
            'Accept: text/xml',
            'Cache-Control: no-cache',
            'Pragma: no-cache',
            'SOAPAction: "Send"'
        ); 

        try {
        $ch = curl_init($testurl);

        if (FALSE === $ch)
            throw new Exception('failed to initialize');

        // curl options to set up the SSL connection
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_SSLCERT, $cert);
        curl_setopt($ch, CURLOPT_PORT, $port);


        // POST data handling
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_POSTFIELDS, $testxml);

        // headers for processing the POST
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        //timeout settings
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        //trying stuff out
        curl_setopt($ch, CURLOPT_NOBODY, true);
        curl_setopt($ch, CURLOPT_CERTINFO, true);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // execute the request
        $data = curl_exec($ch);

        if (FALSE === $data)
            throw new Exception(curl_error($ch), curl_errno($ch));

        } catch(Exception $e) {

            echo 'error code = ';
            echo $e->getCode();
            echo " error message = ";
            echo $e->getMessage();
            die;

        }
        var_dump($data); die;

When executing this code I get the following error: error code = 58 error message = Unable to load client key -8178


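By setting CURLOPT_SSLCERT to /controllers/ssl/certificate.pem you set this file as the certificate the client uses to authenticate itself to the server. In this case the certificate needs to be accompanied by a private key that matches the public key in the server. But that is not the case, which is why you get the error "Unable to load client key".

After the question was edited to include the content of the certificate file, it seems there is a misunderstanding of what the file is for. The file contains two certificates, of which the second is the leaf certificate for a server with the common name *.ijsselgemeenten.nl, and the first is the certificate of the sub-CA that issued this certificate, RapidSSL SHA256 CA - G3. My guess is that these should not be used as client certificates, but that this is the server certificate the client should expect.

In this case:

  • CURLOPT_SSL_VERIFYPEER should not be set to false, because the server should be verified
  • CURLOPT_SSLCERT should not be set, because no client certificate should be used for authentication
  • If both the server and the local CA store are set up correctly, it should just work. If not (i.e. the sub-CA is missing on the server), you can try setting CURLOPT_CAINFO to the given file.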

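Today I solved the same problem and want to share a solution; it may be useful to someone.

I was sent certfile.p12 to make SSL requests. I extracted the file into public.pem and privatekey.pem with the openssl utility. On my local machines, Mac OS and Windows, the code worked well.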

// Works great on Mac OS and Windows
$data = [
    'field1' => 'demo1',
    'field2' => 'demo2',
    'field3' => 'demo3'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/public.pem');
curl_setopt($ch, CURLOPT_SSLKEY, getcwd() . '/cert/privatekey.pem');
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

$response = curl_exec($ch);
curl_close($ch);

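But on CentOS 7 I started getting the error "cURL 58 error Unable to load client key -8178"; it turned out that Mac OS and CentOS handle curl SSL verification differently.

My solution:

In this case I used openssl to extract certfile.p12 into a single file: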

openssl pkcs12 -in certfile.p12 -out keys.pem -nodes

And changed the PHP code a little to:

// Works great on Mac OS, Windows and CentOS 7 by my testing
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://some_api.com');
curl_setopt($ch, CURLOPT_PORT , 443);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '/cert/keys.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'HerePassphraseOfPrivateKey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));

It worked :)
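A pre-flight check for the situation both answers describe, as an added example that is not part of the question or of either answer: it classifies a PEM file before it is passed to CURLOPT_SSLCERT, telling apart a certificates-only file (the question's case) from a combined certificate-plus-key file (the second answer's keys.pem). The function name pemRole(), its return labels and the throwaway self-signed certificate are assumptions made for this sketch.

```php
<?php
// Added example; pemRole() and its return labels are hypothetical names.
function pemRole(string $pem, ?string $passphrase = null): string
{
    // Every CERTIFICATE block in the file, in order.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $c);
    if ($c[0] === []) {
        return 'no-certificate';
    }
    // First PKCS#1, SEC1, PKCS#8 or encrypted PKCS#8 private key block.
    $keyRe = '/-----BEGIN ((?:[A-Z]+ )?PRIVATE KEY)-----.+?-----END \1-----/s';
    if (!preg_match($keyRe, $pem, $k)) {
        // Certificates only: a candidate for CURLOPT_CAINFO, not CURLOPT_SSLCERT.
        return 'certificates-only';
    }
    $key = openssl_pkey_get_private($k[0], $passphrase);
    if ($key === false) {
        return 'key-unreadable'; // wrong passphrase or damaged key block
    }
    foreach ($c[0] as $cert) {
        if (openssl_x509_check_private_key($cert, $key)) {
            return 'client-identity'; // certificate and matching key together
        }
    }
    return 'key-mismatch';
}

// Constructed sample input: a throwaway self-signed certificate and two keys.
$rsa = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key = openssl_pkey_new($rsa);
$csr = openssl_csr_new(['commonName' => 'client.example.test'], $key);
$x509 = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export($x509, $certPem);
openssl_pkey_export($key, $keyPem);
$other = openssl_pkey_new($rsa);
openssl_pkey_export($other, $otherPem);

echo pemRole($certPem . $certPem), "\n";   // two certificates, no key (shape of the question's file)
echo pemRole($certPem . $keyPem), "\n";    // combined file, as exported with -nodes
echo pemRole($certPem . $otherPem), "\n";  // key that belongs to a different certificate
```

Only a file classified as a client identity belongs in CURLOPT_SSLCERT; a certificates-only file is at most trust material for CURLOPT_CAINFO.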


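Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.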

 