cacert.pem到底是做什么用的? [英] What exactly is cacert.pem for?
问题描述
在我的PayPal Pro付款页面中,我将cURL函数curl_setopt_array()与以下选项一起使用:cUIn CURLOPT_CAINFO => dirname( FILE )。 ‘/cacert.pem’。
工作正常,但是即使经过一些研究,我也不知道cacert.pem的确切含义。我不理解到处都提到的针对的概念。这个文件和我购买给提供商的.csr / .crt证书之间是什么关系?
cacert.pem 是一堆CA证书,可用于验证服务器确实是您要与之对话的正确站点(当它通过SSL握手方式显示其证书时)。该捆绑包可以由curl或wget之类的工具以及其他使用TLS / SSL的软件使用。该捆绑软件应包含您信任的CA的证书。有时将此捆绑包称为 CA证书存储。
示例:
curl --cacert cacert.pem https://example.com
在curl项目中,提供了一个 cacert.pem ,该文件是从Mozilla为Firefox发行的ca证书转换而来的。 p>
通过使用数字签名来完成。有关什么是CA(证书颁发机构)的完整说明,请参阅Wikipedia。
In my PayPal Pro payment page I use the cURL function curl_setopt_array() with the following option : cUIn CURLOPT_CAINFO => dirname(FILE) . '/cacert.pem'.
Works fine, however even after some research I don't understand what exactly is cacert.pem for. I don't understand the concept of "verification against" that is mentioned everywhere. And what is the relationship between this file and the .csr/.crt certificate I bought to my provider ?
cacert.pem is a bundle of CA certificates that you use to verify that the server is really the correct site you're talking to (when it presents its certificate in the SSL handshake). The bundle can be used by tools like curl or wget, as well as other TLS/SSL speaking software. The bundle should contain the certificates for the CAs you trust. This bundle is sometimes referred to as the "CA cert store".
Example:
curl --cacert cacert.pem https://example.com
In the curl project, there's a cacert.pem being provided that is converted from the ca certs Mozilla ships for Firefox.
It is done by the use of digital signatures. For the full explanation of what a CA (certificate authority) is, I refer to wikipedia.
这篇关于cacert.pem到底是做什么用的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
