Drupal Curl SSL证书错误 [英] Drupal Curl SSL Certificate Error
问题描述
我们正在使用Drupal / Ubercart网站,最近我注意到付款请求失败。
We are using a Drupal / Ubercart site, and recently I noticed that payment requests are failing.
在Drupal日志中,我看到一个错误:
In the Drupal logs I see an error like so:
cURL错误:SSL证书问题:无法获取本地发行者
证书
cURL error: SSL certificate problem: unable to get local issuer certificate
我发现了一些解决方案,并尝试实现它们,但没有结果。我尝试的一些东西是:
I found a number of solutions, and tried implementing them but with no results. Some things I have tried are:
- 修改我的
/etc/php5/fpm/php.ini文件,以包括curl.cainfo = /srv/keys/cacert.pem(这是一个从 http://curl.haxx.se/ca/cacert.pem )。 - 在
uc_authorizenet.module文件中添加代码以直接指定cainfo:curl_setopt($ ch,CURLOPT_CAINFO,/ srv / keys / cacert。 pem);。
- Modifying my
/etc/php5/fpm/php.inifile to include the linecurl.cainfo = /srv/keys/cacert.pem(which is a file I downloaded from http://curl.haxx.se/ca/cacert.pem). - Adding the code in the
uc_authorizenet.modulefile to specify the cainfo directly:curl_setopt($ch, CURLOPT_CAINFO, "/srv/keys/cacert.pem");.
在执行这些步骤之前,我确保 ca-certificates 包已安装并且是最新的。每次更改后,我重新启动 php5-fpm 和 nginx ,但我仍然得到相同的错误,获得本地颁发者证书。
Before taking these steps, I ensured that the ca-certificates package is installed and up to date. After each change I restarted php5-fpm and nginx, but I still get the same error about how it is unable to get the local issuer certificate.
感谢您的帮助!
推荐答案
问题是 https://secure.authorize.net/gateway/transact的根CA。 dll (以及authorize.net上的其他安全网址)不包含在CA软件包中http://curl.haxx.se/ca/cacert.pem ,原因很好:如果您访问该页面并查看证书路径中根CA的详细信息,您将注意到Sha1指纹是99 a6 9b e6 1a fe 88 6b 4d 2b 82 00 7c b8 54 fc 31 7e 15 39。在互联网上的搜索将引导您到此页
https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/ ,这说明此根证书不再受信任。该解决方案在类似的问题中提供:
The issue is that the root CA for https://secure.authorize.net/gateway/transact.dll (and perhaps other secure urls at authorize.net) is not included in the CA bundle http://curl.haxx.se/ca/cacert.pem , for good reason : if you visit the page and look at the details of the root CA in the certificate path you will note that the Sha1 thumbprint is 99 a6 9b e6 1a fe 88 6b 4d 2b 82 00 7c b8 54 fc 31 7e 15 39 . A search on the Internet will lead you to this page https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/ , which explains that this root certificate is not trusted anymore. The solution is provided in a similar question : How comes authorize.net uses a certificate that is signed with a CA that is not in the well known curl.haxx.se/ca/cacert.pem list?
这篇关于Drupal Curl SSL证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
