服务器续订证书后,与WSDL服务的PHP安全连接断开 [英] PHP secure connection with WSDL service breaks after server renewed certificate

查看:81
本文介绍了服务器续订证书后,与WSDL服务的PHP安全连接断开的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

新证书是 Symantec Class 3 EV SSL CA-G3。客户有CentOS。无法控制服务器,它是第三方。在Firefox和Chrome中加载WDSL https地址时,两个浏览器都显示安全连接,没问题。

The new certificate is "Symantec Class 3 EV SSL CA - G3". The client has CentOS. There is no control over the server, it is third party. When the WDSL https address is loaded in Firefox and Chrome, both browsers show "Secure connection", no problem.

WSDL地址为 https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL

测试代码:

$success = false;
$attempts = 0;

while (($success === false) && ($attempts < 10)) {
    $attempts ++;
    echo 'Attempt ' . $attempts . '<br>';

    try {
        $wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
        $entity_loader_status_old = libxml_disable_entity_loader(false);
        $SoapClient = new SoapClient($wsdl);
        $seed = $SoapClient -> getSeed();
        libxml_disable_entity_loader($entity_loader_status_old);
        $success = true;
    } catch (Exception $Exception) {
        echo $Exception -> getMessage() . '<br>';
    }
}

if ($success === true) {
    echo 'SUCCESS';
} else {
    echo 'ERROR';
}

默认情况下,连接是安全的,因为PHP版本为5.6.22(超过5.5.x)。

The connection is secure by default, because the PHP version is 5.6.22 (more than 5.5.x).

推荐答案

可能重复:

Possible duplicate: OpenSSL: unable to verify the first certificate for Experian URL

要解决此问题,请创建一个 cafile.pem 并连接所需的Symantec证书(主中间证书和根证书),如上面的可能重复问题链接所示(请参见 spuder 的答案)。

To solve create a cafile.pem and concatenate the required Symantec certificates (primary intermediate and root) as shown in the possible duplicate question link above (see spuder's answer).

要创建的 cafile.pem 引用了 spuder 


-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: DigiCertCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: TrustedRoot.crt) 
-----END CERTIFICATE-----


然后在PHP中使用下一个 $ options 创建 SoapClient 对象:

Then in PHP use the next $options for creating the SoapClient object:

$options = [
    'stream_context' => stream_context_create([
        'ssl' => [
            'cafile' => __DIR__ . '/cafile.pem',
        ],
    ]),
];

$SoapClient = new SoapClient($wsdl, $options);

这篇关于服务器续订证书后,与WSDL服务的PHP安全连接断开的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆