Our system needs to make a cURL call from PHP to a third party server. The third party server requires us to include a certificate with the request for authentication. Currently our requests are returning:
我们的系统需要从PHP向第三方服务器发出cURL调用。第三方服务器要求我们在认证请求中包含一个证书。目前我们的请求正在返回:
HTTP ERROR: cURL ERROR: 0: NSS: client certificate not found or NSS: client certificate not found (nickname not specified)
HTTP错误:cURL错误:0:NSS:未找到客户端证书,NSS:未找到客户端证书(昵称未指定)
Server is standard Fedora 15 LAMP stack.
服务器是标准的Fedora 15 LAMP堆栈。
2 个解决方案
#1
2
I found the below at http://www.linuxquestions.org/questions/programming-9/stuck-with-php-curl-and-ssl-certificates-322684/ which looks like it will suit your needs, specifically CURLOPT_SSLCERT, CURLOPT_SSLCERTPASSWD, CURLOPT_SSLKEYTYPE, CURLOPT_SSLKEY
我找到了以下地址:http://www.linuxquestions.org/questions/编程-9/stuck-with-php-curl-and- sslr -证书-322684/,它看起来适合您的需要,尤其是CURLOPT_SSLCERT、CURLOPT_SSLCERTPASSWD、CURLOPT_SSLKEYTYPE、CURLOPT_SSLKEY。
$url = "https://www.bla.com/foo"; // onramp url
$clientcert = $diagno_libdir."/exported-with-private-key.pem";
$keyfile = $diagno_libdir."/clientkey.key";
$challenge = "nightmare";
print "<bR><BR>$challenge<br><br>";
print "<bR><BR>$keyfile<br><br>";
$header = Array();
$header[] = "Content-Type: multipart/related \r\n";
$header[] = "type=text/xml \r\n";
$header[] = "boundary=--someBoundaryValue-- \r\n";
$header[] = "start=ebXML_Message_Header \r\n";
$header[] = $iptest;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_SSLCERT, $clientcert);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $challenge);
curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, $keyfile);
$ret = curl_exec($ch);
#2
0
I realize this question was asked a year+ ago, but since I found it because I ran into (I think) the same issue today:
我意识到这个问题是在一年多以前被问到的,但是因为我发现了这个问题,所以今天我遇到了同样的问题:
My issue was that the certificate I was trying to use was signed by a Certificate Authority (CA) that wasn't on the list of CA's accepted by the server. This was verified using openssl.
我的问题是,我试图使用的证书是由证书颁发机构(CA)签名的,而证书颁发机构(CA)不在服务器接受的CA列表中。这是使用openssl验证的。
-
openssl s_client -connect host:443 -showcerts | more(which lists the accepted CA certs) - openssl s_client -connect主机:443 -showcerts |更多(列出了已接受的CA证书)
-
openssl x509 -in mycert.crt -noout -text | more(which shows who signed my cert...) - openssl x509——mycert。crt -noout -text | more(显示谁签署了我的证书…)
If the CA from 2. isn't in the list found in 1., then you're not going to be able to complete the SSL authentication.
如果CA从2开始。不是在1中发现的列表中。,然后您将无法完成SSL身份验证。
#1
2
I found the below at http://www.linuxquestions.org/questions/programming-9/stuck-with-php-curl-and-ssl-certificates-322684/ which looks like it will suit your needs, specifically CURLOPT_SSLCERT, CURLOPT_SSLCERTPASSWD, CURLOPT_SSLKEYTYPE, CURLOPT_SSLKEY
我找到了以下地址:http://www.linuxquestions.org/questions/编程-9/stuck-with-php-curl-and- sslr -证书-322684/,它看起来适合您的需要,尤其是CURLOPT_SSLCERT、CURLOPT_SSLCERTPASSWD、CURLOPT_SSLKEYTYPE、CURLOPT_SSLKEY。
$url = "https://www.bla.com/foo"; // onramp url
$clientcert = $diagno_libdir."/exported-with-private-key.pem";
$keyfile = $diagno_libdir."/clientkey.key";
$challenge = "nightmare";
print "<bR><BR>$challenge<br><br>";
print "<bR><BR>$keyfile<br><br>";
$header = Array();
$header[] = "Content-Type: multipart/related \r\n";
$header[] = "type=text/xml \r\n";
$header[] = "boundary=--someBoundaryValue-- \r\n";
$header[] = "start=ebXML_Message_Header \r\n";
$header[] = $iptest;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_SSLCERT, $clientcert);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $challenge);
curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLKEY, $keyfile);
$ret = curl_exec($ch);
#2
0
I realize this question was asked a year+ ago, but since I found it because I ran into (I think) the same issue today:
我意识到这个问题是在一年多以前被问到的,但是因为我发现了这个问题,所以今天我遇到了同样的问题:
My issue was that the certificate I was trying to use was signed by a Certificate Authority (CA) that wasn't on the list of CA's accepted by the server. This was verified using openssl.
我的问题是,我试图使用的证书是由证书颁发机构(CA)签名的,而证书颁发机构(CA)不在服务器接受的CA列表中。这是使用openssl验证的。
-
openssl s_client -connect host:443 -showcerts | more(which lists the accepted CA certs) - openssl s_client -connect主机:443 -showcerts |更多(列出了已接受的CA证书)
-
openssl x509 -in mycert.crt -noout -text | more(which shows who signed my cert...) - openssl x509——mycert。crt -noout -text | more(显示谁签署了我的证书…)
If the CA from 2. isn't in the list found in 1., then you're not going to be able to complete the SSL authentication.
如果CA从2开始。不是在1中发现的列表中。,然后您将无法完成SSL身份验证。