如何解决错误“无法加载 PEM 客户端证书,OpenSSL 错误:02001003:system library:fopen:No such process"?
如果这个问题很愚蠢,请原谅,但我是这方面的新手.我需要从 Drupal 7 站点通过 SSL 连接到服务.我有一个带有.p12"扩展名的文件和一个密码.另外,我使用 PHP 7.1 1 和 Windows 7 64x.我使用以下命令将 .p12 文件转换为 .pem 文件.
Excuse me if the question is silly, but I'm a novice in this area. I need to connect to a service via SSL from a Drupal 7 site. I have a file with a ".p12" extension and a password for it. Also, I use PHP 7.1 1 and Windows 7 64x. I converted .p12-file into .pem-file using the following command.
openssl pkcs12 -in myfile.p12 -out myfile.pem
在我将 Openssl 安装到我的计算机中并将路径添加到 Windows 之前.之后,我尝试使用以下代码使用 CURL 函数连接到服务器.
Before I installed Openssl into my computer and added paths into Windows. After it I'm trying to use the following code for connecting to the server using CURL functions.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'my_addr');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLCERT, 'myfile.pem');
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, 'mypsw');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
if ($result === FALSE){
$curl_error = curl_error($ch);
}
curl_close($ch);
不幸的是,curl_exec 返回 FALSE,而 curl_error 返回以下内容:
Unfortunately, curl_exec returns FALSE and curl_error returns the following:
could not load PEM client certificate, OpenSSL error error:02001003:system library:fopen:No such process, (no key found, wrong pass phrase, or wrong file format?)
我决定在 Linux 共享主机上的客户端站点上执行此代码,而我的本地主机在 Windows 7 64x 上运行.代码执行没有任何错误,但 curl_exec 返回一个空字符串.
I decide to execute this code on the client's site which is on a Linux shared hosting, whereas my localhost works on Windows 7 64x. The code is executed without any errors, but curl_exec returns a void string.
我想澄清一下,我做错了什么以及为什么不想加载 PEM 客户端证书?我应该在本地主机上做什么来解决这个问题?我不能放弃使用 Windows 7 而开始使用 Linux.
I want to clarify, what am I doing wrong and why PEM client certificate doesn't want to load? What should I do on my localhost to solve this problem? I can't give up using Windows 7 and start using Linux instead it.
推荐答案
对于 SSL 验证,您需要 pem 格式的证书,它是关联的私钥(openssl 格式)和签署您的证书的认证机构的根证书pem 格式.
For a SSL verification you need a cert in pem format, it's associated private key (in openssl format) and the root certificate of the certification authoritity that signed your certificate in pem format.
检查此完整示例:
PHP:CURLOPT_SSLCERT的路径
如果你没有被告知,错误信息不是很清楚,但它说:
The error message is not really clear if your are not informed but it say it :
无法加载 PEM 客户端证书,OpenSSL 错误error:02001003:system library:fopen:No such process, (no key found,密码错误或文件格式错误?)
could not load PEM client certificate, OpenSSL error error:02001003:system library:fopen:No such process, (no key found, wrong pass phrase, or wrong file format?)
问候,
相关文章