使用 SSL 证书认证的 PHP TCP 连接到 EPP API [英] PHP TCP connection to EPP API using SSL certificate authentication

问题描述

我已经向上和向后尝试过，但没有任何成功.国家域名注册部门已决定将其整个系统更改为 EPP.他们的文档很差，但总结一下:

I have tried this upwards and backwards without any success. The national domain registry department has decided to change their entire system to EPP. Their documentation is very poor but to summarize:

• 通过 TCP 连接:epptest.ficora.fi 端口 700
• 要将防火墙列入白名单，请将 IP 地址和 SSL 证书添加到仪表板上的用户帐户(完成)

仪表板一团糟.我无法将相同的证书上传给不同的用户，我无法删除用户等.无论如何，您应该连接到该地址并在请求中使用相同的 SSL 证书验证自己(至少这是我所理解的)但是我无法让它工作.我的所有请求都返回:

The dashboard is a total mess. I cannot upload the same certificate to different users, I can't remove users etc. Anyhow, you are supposed to connect to that address and verify yourself using the same SSL certificate in the request (atleast that's what I've understood) but I cannot get it to work. All my requests return:

Error 7: "Failed to connect to epptest.ficora.fi port 700: Timed out"

我根据我在 POST 请求中发送的文档创建了一个登录 XML.

I've created a login XML based on the documentation which I send out in the POST request.

    ini_set('max_execution_time', 300);
    set_time_limit(0);

    $curl = curl_init();

    curl_setopt($curl, CURLOPT_URL, 'epptest.ficora.fi');
    curl_setopt($curl, CURLOPT_PORT, 700);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $content);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT ,0);
    curl_setopt($curl, CURLOPT_TIMEOUT, 400);
    curl_setopt($curl, CURLOPT_SSLCERT, __DIR__ . '/certificate.crt');

    $output = curl_exec($curl);
    echo 'Error ' . curl_errno($curl) . ': "' . curl_error($curl) .'"';
    curl_close($curl);

可以找到证书文件，我做了一个file_get_contents()测试，读取OK.这是在 Windows 计算机上的本地主机测试.

The certificate file can be found, I did a file_get_contents() test and reads OK. This is a localhost test on a Windows computer.

在我自己的(实时)服务器上测试相同的代码:

Testing the same code on my own (live) server I get:

Error 56: "Recv failure: Connection reset by peer"

我不知道这听起来是否愚蠢，但请求是否必须来自服务器、来自使用 SSL 证书的地址?

I don't know if this sounds stupid or not but does the request have to originate from a server, from an address, where the SSL certificate is in use?

我完全不知道为什么它不起作用.有帮助吗?

I am at a complete loss with this as to why it doesn't work. Help, anyone?

编辑

Here's the cURL verbose information:

* About to connect() to epptest.ficora.fi port 700 (#0)
* Trying <ip_address>
* connected
* Connected to epptest.ficora.fi (<ip address>) port 700 (#0)
> POST / HTTP/1.1
Host: epptest.ficora.fi:700
Accept: */*
Content-type: text/xml
Content-length: 146

* upload completely sent off: 146 out of 146 bytes
* additional stuff not fine transfer.c:1037: 0 0
* Recv failure: Connection reset by peer
* Closing connection #0

推荐答案

最后的答案是通过另一个Stackoverflow 帖子.我实际上在证书中没有私钥，所以我必须做的是创建一个新的 .pem 文件(在任何编辑器中都是纯文本)并像这样粘贴私钥和证书:

The answer in the end came to me through another Stackoverflow post. I actually didn't have the private key in the certificate so what I had to do was create a new .pem file (just plain text in any editor) and paste the private key and certificate in it like so:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE----

-----END CERTIFICATE-----

证书中应该有密钥.我所拥有的只是它们分开.实际上没有人指出这一点.

The certificate is supposed to have the key in it. All I had was them separate. No one actually pointed this out.

但是！我无法在 cURL 中完成这项工作.我得到的响应是通过一个使用 stream_socket_client() 函数的 PHP-EPP 库.

HOWEVER! I was not able to make this work in cURL. The response I got was through a PHP-EPP library that uses stream_socket_client() function.

这篇关于使用 SSL 证书认证的 PHP TCP 连接到 EPP API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！