SSL 证书问题无法获取本地颁发者证书
SSL certificate issue unable to get local issuer certificate
我正在尝试 post 将数据发送到支付网关 API。它需要 post 格式的 xml 数据。我有以下代码:
<?php
$requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();
$amount = 100; // $block->totalOrderAmount()*100;
$approveUrl = $block->approveUrl();
$cancelUrl = $block->cancelUrl();
$declineUrl = $block->declineUrl();
$merchant = 'mydomain.com';
//$amount = '100'; // in cents. 1$ = 100cents.
$currency = '840'; // for dollar
$description = 'Happy customers is what we make.';
$merchantId = 'Nobel106513';
?>
<?php
echo $requestUrl;
$xml_data = '<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language>EN</Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>'.$merchantId.'</Merchant>
<Amount>'.$amount.'</Amount>
<Currency>'.$currency.'</Currency>
<Description>'.$description.'</Description>
<ApproveURL>'.$approveUrl.'</ApproveURL>
<CancelURL>'.$cancelUrl.'</CancelURL>
<DeclineURL>'.$declineUrl.'</DeclineURL>
</Order>
</Request>
</TKKPG>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $requestUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
curl_setopt($ch, CURLOPT_CERTINFO, 1);
$headers = [];
array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
//array_push($headers, 'SoapAction: *');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$content = trim(curl_exec($ch));
var_dump($content);
var_dump(curl_getinfo($ch));
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
curl_close($ch);
var_dump($content); 的输出为空 ''。var_dump(curl_getinfo($ch)); 的输出。
数组(大小=26)
'url' => 字符串 'https://api.given.bypg'
'content_type' => 空
'http_code' => 整数 0
'header_size' => 整数 0
'request_size' => 整数 0
'filetime' => 整数 -1
'ssl_verify_result' => 整数 1
'redirect_count' => 整数 0
'total_time' => 浮动 0.488533
'namelookup_time' => 浮动 0.028558
'connect_time' => 浮动 0.256858
'pretransfer_time' => 浮动 0
'size_upload' => 浮动 0
'size_download' => 浮动 0
'speed_download' => 浮动 0
'speed_upload' => 浮动 0
'download_content_length' => 浮动-1
'upload_content_length' => 浮动-1
'starttransfer_time' => 浮动 0
'redirect_time' => 浮动 0
'redirect_url' => 字符串 '' (长度=0)
'primary_ip' => 字符串 '91.227.244.57' (长度=13)
'certinfo' =>
数组(大小=0)
空
'primary_port' => 整数 8444
'local_ip' => 字符串 '192.168.100.64' (长度=14)
'local_port' => 整数 53456
var_dump(curl_errno($ch)); 的输出:int 60
var_dump(curl_error($ch));的输出:
字符串'SSL certificate problem: unable to get local issuer certificate'(长度=63)
API 似乎没有返回任何数据,如 curl_getinfo() 中所见。请帮助我,我几乎看到了社区中建议的所有解决方案。
我已经编辑了我的 php.ini 文件以提供从 curl 网站下载的证书的路径。但这也不起作用。
当您连接到服务器以建立安全连接时,您作为客户端会在与服务器的对话开始时获得服务器的证书。该证书及其私钥用于建立安全连接。您的客户希望确保服务器的证书是可信的,并且不是由中间人攻击者创建的。因此,您的客户端需要拥有签署服务器证书的 CA 证书。上面的错误意味着客户端试图找到服务器的证书颁发者(或链中的颁发者之一)但没有找到。它试图找到它的地方是在指定的 /etc/apache2/ssl/m4/mydomain.com.crt 文件中。您有两个选择:将 CA 证书添加到文件或通过将 CURLOPT_SSL_VERIFYPEER 设置为 false 来禁用服务器证书验证(不安全)。
我得到了 API 提供者的支持,他们指出了我的方法中缺少的一些东西。对于他们的网关,我需要在 curl 请求中加载私钥、public 密钥和保护这些密钥的密码。解决方法如下:
/*ssl crts*/
$twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
$twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
$twpg_key_password = '';
/*ssl crts*/
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $requestUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLCERT, $twpg_cert_file);
curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
curl_setopt($ch, CURLOPT_CERTINFO, 1);
$headers = [];
array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$content = trim(curl_exec($ch));
curl_close($ch);
现在一切正常。
我正在尝试 post 将数据发送到支付网关 API。它需要 post 格式的 xml 数据。我有以下代码:
<?php
$requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();
$amount = 100; // $block->totalOrderAmount()*100;
$approveUrl = $block->approveUrl();
$cancelUrl = $block->cancelUrl();
$declineUrl = $block->declineUrl();
$merchant = 'mydomain.com';
//$amount = '100'; // in cents. 1$ = 100cents.
$currency = '840'; // for dollar
$description = 'Happy customers is what we make.';
$merchantId = 'Nobel106513';
?>
<?php
echo $requestUrl;
$xml_data = '<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language>EN</Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>'.$merchantId.'</Merchant>
<Amount>'.$amount.'</Amount>
<Currency>'.$currency.'</Currency>
<Description>'.$description.'</Description>
<ApproveURL>'.$approveUrl.'</ApproveURL>
<CancelURL>'.$cancelUrl.'</CancelURL>
<DeclineURL>'.$declineUrl.'</DeclineURL>
</Order>
</Request>
</TKKPG>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $requestUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
curl_setopt($ch, CURLOPT_CERTINFO, 1);
$headers = [];
array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
//array_push($headers, 'SoapAction: *');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$content = trim(curl_exec($ch));
var_dump($content);
var_dump(curl_getinfo($ch));
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
curl_close($ch);
var_dump($content);的输出为空''。var_dump(curl_getinfo($ch));的输出。数组(大小=26)
'url' => 字符串 'https://api.given.bypg'
'content_type' => 空
'http_code' => 整数 0
'header_size' => 整数 0
'request_size' => 整数 0
'filetime' => 整数 -1
'ssl_verify_result' => 整数 1
'redirect_count' => 整数 0
'total_time' => 浮动 0.488533
'namelookup_time' => 浮动 0.028558
'connect_time' => 浮动 0.256858
'pretransfer_time' => 浮动 0
'size_upload' => 浮动 0
'size_download' => 浮动 0
'speed_download' => 浮动 0
'speed_upload' => 浮动 0
'download_content_length' => 浮动-1
'upload_content_length' => 浮动-1
'starttransfer_time' => 浮动 0
'redirect_time' => 浮动 0
'redirect_url' => 字符串 '' (长度=0)
'primary_ip' => 字符串 '91.227.244.57' (长度=13)
'certinfo' =>
数组(大小=0)
空
'primary_port' => 整数 8444
'local_ip' => 字符串 '192.168.100.64' (长度=14)
'local_port' => 整数 53456var_dump(curl_errno($ch));的输出:int 60var_dump(curl_error($ch));的输出:字符串'SSL certificate problem: unable to get local issuer certificate'(长度=63) API 似乎没有返回任何数据,如 curl_getinfo() 中所见。请帮助我,我几乎看到了社区中建议的所有解决方案。
我已经编辑了我的 php.ini 文件以提供从 curl 网站下载的证书的路径。但这也不起作用。
当您连接到服务器以建立安全连接时,您作为客户端会在与服务器的对话开始时获得服务器的证书。该证书及其私钥用于建立安全连接。您的客户希望确保服务器的证书是可信的,并且不是由中间人攻击者创建的。因此,您的客户端需要拥有签署服务器证书的 CA 证书。上面的错误意味着客户端试图找到服务器的证书颁发者(或链中的颁发者之一)但没有找到。它试图找到它的地方是在指定的 /etc/apache2/ssl/m4/mydomain.com.crt 文件中。您有两个选择:将 CA 证书添加到文件或通过将 CURLOPT_SSL_VERIFYPEER 设置为 false 来禁用服务器证书验证(不安全)。
我得到了 API 提供者的支持,他们指出了我的方法中缺少的一些东西。对于他们的网关,我需要在 curl 请求中加载私钥、public 密钥和保护这些密钥的密码。解决方法如下:
/*ssl crts*/
$twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
$twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
$twpg_key_password = '';
/*ssl crts*/
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $requestUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSLCERT, $twpg_cert_file);
curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
curl_setopt($ch, CURLOPT_CERTINFO, 1);
$headers = [];
array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$content = trim(curl_exec($ch));
curl_close($ch);
现在一切正常。