PHP 服务器更新证书后与 WSDL 服务的安全连接中断
PHP secure connection with WSDL service breaks after server renewed certificate
新证书是"Symantec Class 3 EV SSL CA - G3"。客户端有 CentOS。无法控制服务器,它是第三方。 WDSL https 地址在 Firefox 和 Chrome 中加载时,两个浏览器都显示 "Secure connection",没问题。
WSDL 地址是https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL
测试代码:
$success = false;
$attempts = 0;
while (($success === false) && ($attempts < 10)) {
$attempts ++;
echo 'Attempt ' . $attempts . '<br>';
try {
$wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient($wsdl);
$seed = $SoapClient -> getSeed();
libxml_disable_entity_loader($entity_loader_status_old);
$success = true;
} catch (Exception $Exception) {
echo $Exception -> getMessage() . '<br>';
}
}
if ($success === true) {
echo 'SUCCESS';
} else {
echo 'ERROR';
}
默认连接是安全的,因为PHP版本是5.6.22(5.5.x以上)。
可能重复:OpenSSL: unable to verify the first certificate for Experian URL
要解决问题,请创建一个 cafile.pem 并连接所需的 Symantec 证书(主要中间证书和根证书),如上面可能重复的问题 link 所示(请参阅 spuder的回答)。
要创建的 cafile.pem 引自 spuder:
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
然后在 PHP 中使用下一个 $options 创建 SoapClient 对象:
$options = [
'stream_context' => stream_context_create([
'ssl' => [
'cafile' => __DIR__ . '/cafile.pem',
],
]),
];
$SoapClient = new SoapClient($wsdl, $options);
新证书是"Symantec Class 3 EV SSL CA - G3"。客户端有 CentOS。无法控制服务器,它是第三方。 WDSL https 地址在 Firefox 和 Chrome 中加载时,两个浏览器都显示 "Secure connection",没问题。
WSDL 地址是https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL
测试代码:
$success = false;
$attempts = 0;
while (($success === false) && ($attempts < 10)) {
$attempts ++;
echo 'Attempt ' . $attempts . '<br>';
try {
$wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient($wsdl);
$seed = $SoapClient -> getSeed();
libxml_disable_entity_loader($entity_loader_status_old);
$success = true;
} catch (Exception $Exception) {
echo $Exception -> getMessage() . '<br>';
}
}
if ($success === true) {
echo 'SUCCESS';
} else {
echo 'ERROR';
}
默认连接是安全的,因为PHP版本是5.6.22(5.5.x以上)。
可能重复:OpenSSL: unable to verify the first certificate for Experian URL
要解决问题,请创建一个 cafile.pem 并连接所需的 Symantec 证书(主要中间证书和根证书),如上面可能重复的问题 link 所示(请参阅 spuder的回答)。
要创建的 cafile.pem 引自 spuder:
-----BEGIN CERTIFICATE----- (Your Primary SSL certificate: your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate: DigiCertCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate: TrustedRoot.crt) -----END CERTIFICATE-----
然后在 PHP 中使用下一个 $options 创建 SoapClient 对象:
$options = [
'stream_context' => stream_context_create([
'ssl' => [
'cafile' => __DIR__ . '/cafile.pem',
],
]),
];
$SoapClient = new SoapClient($wsdl, $options);