SSL证书发行无法获取本地发行者证书 [英] SSL certificate issue unable to get local issuer certificate

问题描述

我正在尝试将数据发布到支付网关API.它要求以xml格式发布数据.我有以下代码:

I'm trying to post data to a payment gateway API. It required post data in xml format. I have the following code:

<?php
$requestUrl = 'https://api.given.bypg'; //$block->getPaymentUrl();

$amount = 100; // $block->totalOrderAmount()*100; 

$approveUrl = $block->approveUrl();
$cancelUrl =  $block->cancelUrl();
$declineUrl = $block->declineUrl();


$merchant = 'mydomain.com'; 
//$amount = '100'; // in cents. 1$ = 100cents. 
$currency = '840'; // for dollar
$description = 'Happy customers is what we make.';
$merchantId = 'Nobel106513';
?>

<?php
echo $requestUrl;
$xml_data = '<TKKPG>
<Request>
<Operation>CreateOrder</Operation>
<Language>EN</Language>
<Order>
<OrderType>Purchase</OrderType>
<Merchant>'.$merchantId.'</Merchant>
<Amount>'.$amount.'</Amount>
<Currency>'.$currency.'</Currency>
<Description>'.$description.'</Description>
<ApproveURL>'.$approveUrl.'</ApproveURL>
<CancelURL>'.$cancelUrl.'</CancelURL>
<DeclineURL>'.$declineUrl.'</DeclineURL>
</Order>
</Request>
</TKKPG>';

$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_CAPATH, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CAINFO, "/etc/apache2/ssl/m4/mydomain.com.crt");
        curl_setopt($ch, CURLOPT_CERTINFO, 1);

        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        //array_push($headers, 'SoapAction: *');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        var_dump($content);
        var_dump(curl_getinfo($ch));
        var_dump(curl_errno($ch));
        var_dump(curl_error($ch));
        curl_close($ch);

1. var_dump($ content); 的输出为空''.

2. var_dump(curl_getinfo($ ch)); 的输出.

数组(大小= 26)
'url'=>字符串' https://api.given.bypg '
'content_type'=> null
'http_code'=>整数0
'header_size'=>整数0
'request_size'=>整数0
'filetime'=>整数-1
'ssl_verify_result'=>整数1
'redirect_count'=>整数0
'total_time'=>浮点数0.488533
'namelookup_time'=>浮动0.028558
'connect_time'=>浮点数0.256858
'pretransfer_time'=>浮点数0
'size_upload'=>浮点数0
'size_download'=>浮点数0
'speed_download'=>浮点数0
'speed_upload'=>浮点数0
'download_content_length'=>浮点-1
'upload_content_length'=>浮点-1
'starttransfer_time'=>浮点数0
'redirect_time'=>浮点数0
'redirect_url'=>字符串''(长度= 0)
'primary_ip'=>字符串'91 .227.244.57'(长度= 13)
'certinfo'=>
数组(大小= 0)
空
'primary_port'=>整数8444
'local_ip'=>字符串'192.168.100.64'(长度= 14)
'local_port'=>整数53456

array (size=26)
'url' => string 'https://api.given.bypg'
'content_type' => null
'http_code' => int 0
'header_size' => int 0
'request_size' => int 0
'filetime' => int -1
'ssl_verify_result' => int 1
'redirect_count' => int 0
'total_time' => float 0.488533
'namelookup_time' => float 0.028558
'connect_time' => float 0.256858
'pretransfer_time' => float 0
'size_upload' => float 0
'size_download' => float 0
'speed_download' => float 0
'speed_upload' => float 0
'download_content_length' => float -1
'upload_content_length' => float -1
'starttransfer_time' => float 0
'redirect_time' => float 0
'redirect_url' => string '' (length=0)
'primary_ip' => string '91.227.244.57' (length=13)
'certinfo' =>
array (size=0)
empty
'primary_port' => int 8444
'local_ip' => string '192.168.100.64' (length=14)
'local_port' => int 53456

var_dump(curl_errno($ ch)); 的输出: int 60

var_dump(curl_error($ ch)); 的输出:

Output of var_dump(curl_error($ch)); :

字符串"SSL证书问题:无法获取本地颁发者证书"(长度= 63)似乎该API没有返回任何数据，如curl_getinfo()所示.请帮助我，我已经在社区中看到了几乎所有建议的解决方案.

string 'SSL certificate problem: unable to get local issuer certificate' (length=63) It seems like the API is returning no data as seen on curl_getinfo(). Please help me, I have seen almost every solution suggested in communities.

我已经编辑了我的 php.ini 文件，以提供从curl网站下载的证书的路径.但这效果不佳.

I have edited my php.ini file to give the path to the certificate downloaded from curl website. But this did not work as well.

推荐答案

我从我的API提供者那里获得了支持，他们指出了我的方法中缺少的东西.对于他们的网关，我需要加载私有密钥，公共密钥和密码，以在curl请求中保护这些密钥.解决方法如下:

I got support from my API providers who pointed something missing in my approach. For their gateway I needed to load the private key, public key and password that protects these keys in curl request. The solution is as follows:

/*ssl crts*/
$twpg_cert_file = "/etc/apache2/ssl/m4/mydomain.com.crt";
$twpg_key_file = "/etc/apache2/ssl/m4/mydomain.com.key";
$twpg_key_password = '';
/*ssl crts*/
$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $requestUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 60000);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);//My post data
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSLCERT,  $twpg_cert_file);
        curl_setopt($ch, CURLOPT_SSLKEY, $twpg_key_file);
        curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $twpg_key_password);
        curl_setopt($ch, CURLOPT_CERTINFO, 1);
        $headers = [];
        array_push($headers, 'Content-Type: text/xml;charset=UTF-8');
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        $content = trim(curl_exec($ch));
        curl_close($ch);

现在一切正常.

这篇关于SSL证书发行无法获取本地发行者证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！