cacert.pem 到底是做什么用的? [英] What exactly is cacert.pem for?

问题描述

In my PayPal Pro payment page I use the cURL function curl_setopt_array() with the following option : cUIn CURLOPT_CAINFO => dirname(__FILE__) . '/cacert.pem'.

Works fine, however even after some research I don't understand what exactly is cacert.pem for. I don't understand the concept of "verification against" that is mentioned everywhere. And what is the relationship between this file and the .csr/.crt certificate I bought to my provider?

解决方案

cacert.pem is a bundle of CA certificates that you use to verify that the server is really the correct site you're talking to (when it presents its certificate in the SSL handshake). The bundle can be used by tools like curl or wget, as well as other TLS/SSL speaking software. The bundle should contain the certificates for the CAs you trust. This bundle is sometimes referred to as the "CA cert store".

Example:

curl --cacert cacert.pem https://example.com

In the curl project, there's a cacert.pem being provided that is converted from the ca certs Mozilla ships for Firefox.

It is done by the use of digital signatures. For the full explanation of what a CA (certificate authority) is, I refer to wikipedia.

这篇关于cacert.pem 到底是做什么用的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！