PHP SSL CA 证书问题(路径?访问权限?)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7179216/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Problem with the SSL CA cert (path? access rights?)
提问by Adam Jimenez
I get this error:
我收到此错误:
"Problem with the SSL CA cert (path? access rights?)"
“SSL CA 证书问题(路径?访问权限?)”
When doing:
做的时候:
$curl = curl_init('https://example.com' . ($method == 'GET' && $params ? '?' . $params : ''));
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
$response = curl_exec($curl);
print curl_error($curl)
Works ok on another server.
在另一台服务器上工作正常。
The SSL is using NSS. PHP 5.3.6
SSL 正在使用 NSS。PHP 5.3.6
采纳答案by Adam Jimenez
got it working by renaming the nssdb:
通过重命名 nssdb 使其工作:
mv /etc/pki/nssdb /etc/pki/nssdb.old
回答by chris
Had this happen to two servers which use the PayPal IPN, both at around the same time.
如果这发生在使用 PayPal IPN 的两台服务器上,两者几乎同时发生。
Fix was to restart Apache.
修复是重新启动Apache。
回答by Gajus
If you are getting "Problem with the SSL CA cert (path? access rights?)" it may very well mean that you have either deleted everything from /etc/pki/tls/certs/or have set invalid permissions (CHMOD).
如果您遇到“SSL CA 证书问题(路径?访问权限?)”,这很可能意味着您已经删除了所有内容/etc/pki/tls/certs/或设置了无效权限 (CHMOD)。
If you are using RHEL/CentOS, try yum reinstall openssl ca-certificates -y
如果您使用的是 RHEL/CentOS,请尝试 yum reinstall openssl ca-certificates -y
回答by gillytech
Just upgraded to PHP 5.5.17 and this is when the trouble started. The server runs PayPal transactions and cURL started failing on this error: "Problem with the SSL CA cert (path? access rights?)".
刚刚升级到 PHP 5.5.17,这是麻烦开始的时候。服务器运行 PayPal 交易,cURL 开始因以下错误而失败:“SSL CA 证书问题(路径?访问权限?)”。
I tried regenerating the certs, modifying the curl options, nothing was getting me anywhere. The solution was to simply reboot the server(CentOS 6.5 in my case). Hope this helps someone.
我尝试重新生成证书,修改 curl 选项,但没有任何帮助。解决方案是简单地重新启动服务器(在我的情况下为 CentOS 6.5)。希望这可以帮助某人。
回答by Pavel Jiri Strnad
It happen to me after update of packages.
更新软件包后发生在我身上。
Once I restarted the apache it got fixed.
一旦我重新启动了apache,它就得到了修复。
Then I installed it at production server and I got it again. This time it was mess at the certificates under /etc/pki/tls/certs/
然后我将它安装在生产服务器上,我又得到了它。这次是/etc/pki/tls/certs/下的证书乱七八糟
Backup the files and this command will fix it:
备份文件,此命令将修复它:
curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
回答by kenorb
On Ubuntu, you need to install CA certificates to allow SSL-based applications to check for the authenticity of SSL connections by:
在 Ubuntu 上,您需要安装 CA 证书以允许基于 SSL 的应用程序通过以下方式检查 SSL 连接的真实性:
sudo apt-get install ca-certificates
