php 带有 SSL 证书的 cURL 失败:错误 58 无法设置私钥文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27102176/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
cURL with SSL certificates fails: error 58 unable to set private key file
提问by Ben Fransen
I'm trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected. So far I'm unsuccessful with this code below:
我正在尝试使用 cURL 连接到远程主机。连接需要使用证书和受密码保护的私钥。到目前为止,我没有成功使用下面的代码:
<?php
$wsdl = 'https://domain.com/?wsdl';
$certFile = getcwd() . '/auth/cert.pem';
$keyFile = getcwd() . '/auth/key.pem';
$password = 'pwd';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wsdl);
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $password);
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);
#curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$output = curl_exec($ch);
var_dump(curl_errno($ch));
var_dump(curl_error($ch));
The result I keep getting is error 58: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM.
我不断得到的结果是错误58:unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM。
Things I've tried so far:
到目前为止我尝试过的事情:
- Check if the key-file is readable as suggested here: Unable to use libcurl to access a site requiring client authentication. Trying to pass the file through
openssl_private_key()gives me a resource, and not a boolean. So this seems good. - Switch the order of the content in the key.pem file as suggested here: Unable to use libcurl to access a site requiring client authentication. No luck so far.
- Played around with some other options like
SLL_VERIFY_PEER,SSL_VERIFY_HOST,SSL_CERTTYPEand other options which seemed trivial regarding the official PHP-docs. No luck so far.
- 按照此处的建议检查密钥文件是否可读:无法使用 libcurl 访问需要客户端身份验证的站点。尝试传递文件
openssl_private_key()给了我一个资源,而不是一个布尔值。所以这看起来不错。 - 按照此处的建议切换 key.pem 文件中的内容顺序:无法使用 libcurl 访问需要客户端身份验证的站点。到目前为止没有运气。
- 与其他一些选项,如发挥各地
SLL_VERIFY_PEER,SSL_VERIFY_HOST,SSL_CERTTYPE关于PHP官方-docs的这似乎微不足道,其他选项。到目前为止没有运气。
I'm pretty sure the problem lies somehwere in my configuration, but I'm not sure where to look.
我很确定问题出在我的配置中,但我不确定去哪里找。
回答by Ben Fransen
I've fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:
我已经解决了这个问题。我认为,由于有关此问题的问题数量和不同解决方案的数量,其他人将从该解决方案中受益。开始:
I used the opensslCLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.
我使用opensslCLI 程序将 .p12 密钥文件转换为 .pem 密钥文件。诀窍是转换发生的方式。
First I converted it with this command and I had the issue as described in the question:
首先,我用这个命令转换了它,我遇到了问题中描述的问题:
openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts
openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts
While the command below did the actual trick:
虽然下面的命令做了实际的技巧:
openssl pkcs12 -in key.p12 -out key.pem -clcerts
openssl pkcs12 -in key.p12 -out key.pem -clcerts
For more info please see the source I used: https://community.qualys.com/docs/DOC-3273
有关更多信息,请参阅我使用的来源:https: //community.qualys.com/docs/DOC-3273
回答by jgibbs
Just in case this is useful to others searching for this problem, I ended up discovering that CURLOPT_SSLCERT and CURLOPT_SSLKEY don't seem to work with relative paths.
以防万一这对搜索此问题的其他人有用,我最终发现 CURLOPT_SSLCERT 和 CURLOPT_SSLKEY 似乎不适用于相对路径。
This is with WAMP, php version 5.5 on Windows.
这是 WAMP,Windows 上的 php 5.5 版。
