服务器续订证书后,与WSDL服务的PHP安全连接断开 [英] PHP secure connection with WSDL service breaks after server renewed certificate
问题描述
新证书是 Symantec Class 3 EV SSL CA-G3。客户有CentOS。无法控制服务器,它是第三方。在Firefox和Chrome中加载WDSL https地址时,两个浏览器都显示安全连接,没问题。
The new certificate is "Symantec Class 3 EV SSL CA - G3". The client has CentOS. There is no control over the server, it is third party. When the WDSL https address is loaded in Firefox and Chrome, both browsers show "Secure connection", no problem.
WSDL地址为 https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL
测试代码:
$success = false;
$attempts = 0;
while (($success === false) && ($attempts < 10)) {
$attempts ++;
echo 'Attempt ' . $attempts . '<br>';
try {
$wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient($wsdl);
$seed = $SoapClient -> getSeed();
libxml_disable_entity_loader($entity_loader_status_old);
$success = true;
} catch (Exception $Exception) {
echo $Exception -> getMessage() . '<br>';
}
}
if ($success === true) {
echo 'SUCCESS';
} else {
echo 'ERROR';
}
默认情况下,连接是安全的,因为PHP版本为5.6.22(超过5.5.x)。
The connection is secure by default, because the PHP version is 5.6.22 (more than 5.5.x).
推荐答案
Possible duplicate: OpenSSL: unable to verify the first certificate for Experian URL
要解决此问题,请创建一个 cafile.pem
并连接所需的Symantec证书(主中间证书和根证书),如上面的可能重复问题链接所示(请参见 spuder 的答案)。
To solve create a cafile.pem
and concatenate the required Symantec certificates (primary intermediate and root) as shown in the possible duplicate question link above (see spuder's answer).
要创建的 cafile.pem
引用了 spuder :
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
然后在PHP中使用下一个 $ options
创建 SoapClient
对象:
Then in PHP use the next $options
for creating the SoapClient
object:
$options = [
'stream_context' => stream_context_create([
'ssl' => [
'cafile' => __DIR__ . '/cafile.pem',
],
]),
];
$SoapClient = new SoapClient($wsdl, $options);
这篇关于服务器续订证书后,与WSDL服务的PHP安全连接断开的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!