cURL 58错误无法加载客户端密钥-8178 [英] cURL 58 error Unable to load client key -8178

问题描述

在此处输入代码我正在尝试建立我的第一个ssl连接，但是我无法查明错误代码58无法加载的原因。

enter code hereI am trying to build me first ssl connection however i am unable to pinpoint what the reason is for error code 58 Unable to load.

我正在使用php curl来测试连接是否在使用代码中

i am using php curl to test the connection here is the code is use

$port = "443"; 

        $cert = getcwd() . "/controllers/ssl/certificate.pem";
        $testxml = "testset/npsLv01.xml";

        $headers = array(
            'Content-Type: text/xml; charset="utf-8"',
            'Content-Length: '.strlen($testxml),
            'Accept: text/xml',
            'Cache-Control: no-cache',
            'Pragma: no-cache',
            'SOAPAction: "Send"'
        ); 

        try {
        $ch = curl_init($testurl);

        if (FALSE === $ch)
            throw new Exception('failed to initialize');

        //curl opties om ssl verbinding op te zetten
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSLVERSION, 6);
        curl_setopt($ch, CURLOPT_SSLCERT, $cert);
        curl_setopt($ch, CURLOPT_PORT, $port);


        //post data afhandeling
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_POSTFIELDS, $testxml);

        //headers voor het verwerken van de post
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        //timeout settings
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        //trying stuff out
        curl_setopt($ch, CURLOPT_NOBODY, true);
        curl_setopt($ch, CURLOPT_CERTINFO, true);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        //exec de request
        $data = curl_exec($ch);

        if (FALSE === $data)
            throw new Exception(curl_error($ch), curl_errno($ch));

        } catch(Exception $e) {

            echo 'error code = ';
            echo $e->getCode();
            echo " error message = ";
            echo $e->getMessage();
            die;

        }
        var_dump($data); die;

当执行此代码时，出现以下错误：
错误代码= 58错误消息=无法加载客户端密钥-8178

when is exec this code i get the following error: error code = 58 error message = Unable to load client key -8178

-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIDAPQqMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNDEyMDcyMTIwNTNaFw0xNzEyMTAwMTUxMTdaMIGYMRMw
EQYDVQQLEwpHVDE2MDYzMTM0MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE0MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEdMBsGA1UEAwwUKi5panNzZWxnZW1lZW50
ZW4ubmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDerCdu0VgKjUQL
PSls9zxw5i3J2k7w2Z537S2giNdLl53SDr2zLmiCQgqVju3G8QyoYA0f1lJV9z8J
HDI+awmBnj4IM/0GcnMxN7EMdymjAvfcyNu80mCOkaVZAGf0HTHj3ZUNeiu4PxSi
mdlCHKWhS0DkhuqEnZ2WCa8giTu1F72KyqqKzlo5wLTBlWblRhAZn6ohObSdPTkz
iXSMmom8fihPiz/ilpQtJxVs7wYXhpQRKw1rlWCeK/EERQUI3YhJh4iJexhP3JCm
/jLPcFIpCbCHmh4o82vr1oH8g1+T2k9DrvarG9mDf2ueMtCxURdcT6UBB/d2ioDJ
JKIMSSLPAgMBAAGjggFkMIIBYDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz
4gjLWTBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1j
ZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMwYD
VR0RBCwwKoIUKi5panNzZWxnZW1lZW50ZW4ubmyCEmlqc3NlbGdlbWVlbnRlbi5u
bDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAM
BgNVHRMBAf8EAjAAMEUGA1UdIAQ+MDwwOgYKYIZIAYb4RQEHNjAsMCoGCCsGAQUF
BwIBFh5odHRwczovL3d3dy5yYXBpZHNzbC5jb20vbGVnYWwwDQYJKoZIhvcNAQEL
BQADggEBAEZbL3L9VLuhrGSsVkWT6KYEQEj73oofh/+wQRRjVR/yjHniGIiVxZG1
uQGpHf5G+ap2BxSucLuJNfLcKszS54NTdFNJk4o/N2fsGIRvd1ts+SWg2fdt9BnH
4hvMBXQCBB2FQDIro3lR7JFWF3KIcCReVog84/JShibTJjwpDRFbkzGsnJ8ERUhv
4ZQ8HimOQkqIXMS61YxgpwfB+lb77cxu73tON2HMolabgdkpnJ9ixX1O5siI65lp
3xiHN3o9sJ33V4Q0mBhOBOqAZCvaJ/rY91ESBTIqZYZ4foBHwiYCLTVCvRCjGYjA
VO/CgSlN0WHRrHw6pxwtf3qcYAp67No=

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
gP8L8mJMcCal

-----END CERTIFICATE-----

推荐答案

通过将 CURLOPT_SSLCERT 设置为 / controllers / ssl / certificate.pem 将此文件设置为客户端应用于针对服务器进行身份验证的证书。在这种情况下，证书需要随附与服务器中的公钥匹配的私钥。但这不是，这就是为什么出现错误无法加载客户端密钥 。

By setting CURLOPT_SSLCERT to /controllers/ssl/certificate.pem you set this file up as the certificate the client should use to authenticate itself against the server. In this case the certificate needs to be accompanied with the private key matching the public key in the server. But, it doesn't and that's why you get the error "Unable to load client key".

使用证书文件的内容似乎对文件的用途有误解。该文件包含两个证书，其中第二个是公用名称为 *。ijsselgemeenten.nl 的服务器的叶证书，而第一个是该证书的颁发此证书的子CA RapidSSL SHA256 CA-G3 。我的猜测是这些不应该用作客户端证书，而应该是客户端应该期望的服务器证书。

After the question was edited with the contents of the certificate file it looks like that there is a misunderstanding of the purpose of the file. The file consists of two certificates, where the second on is the leaf certificate for a server with a common name of *.ijsselgemeenten.nl while the first one is the certificate for the sub-CA which issued this certificate RapidSSL SHA256 CA - G3. My guess is that these should not be used as client certificates but that this is the server certificate which should get expected by the client.

在这种情况下：

• CURLOPT_SSL_VERIFYPEER 不应设置为false，因为应该验证服务器


• CURLOPT_SSLCERT 不应设置，因为不应该使用客户端证书进行身份验证


• 如果同时使用服务器CA和本地CA商店已正确设置，现在应该可以使用了。如果不是这样（即在服务器上缺少子CA），则可以尝试设置 CURLOPT_CAINFO 到给定文件。

• CURLOPT_SSL_VERIFYPEER should not be set to false because the server should be validated
• CURLOPT_SSLCERT should not be set since no authentication with a client certificate should be done
• If both server and local CA store are setup properly it should work now. If not (i.e. missing sub-CA at the server) one might try to set CURLOPT_CAINFO to the given file.

这篇关于cURL 58错误无法加载客户端密钥-8178的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！