dongque3797
2016-01-28 10:39
浏览 116
已采纳

证书CA捆绑文件:PEM - PHP / cURL - 本地安装..?

I'm using Windows Server 2008 R2 (with IIS), PHP 5.6.0 and cURL 7.36.0 to test against PayPal's TLS test URL:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');
$result = curl_exec($ch);
curl_close($ch);

When I use CURLOPT_CAINFO and cacert.pem from http://curl.haxx.se/docs/caextract.html it works and I get:

PayPal_Connection_OK

When I don't use CURLOPT_CAINFO I get this error:

SSL certificate problem: unable to get local issuer certificate

I've tried this:

  1. mmc
  2. File > Add/remove snap-in
  3. Certificates (Local Computer)
  4. Trusted Root Certification Authorities > Certificates
  5. All tasks > Import
  6. Select cacert.pem
  7. Message: "The import was successful"

However this has made no difference, I still have to use CURLOPT_CAINFO for it to work.

Is there any way I can install all these root certificates on our Windows Server so that I don't have to use CURLOPT_CAINFO and cacert.pem with every call I make..?

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • du248227 2016-01-28 11:09
    已采纳

    You can leverage your php.ini to set the absolute path of where the cacert.pem is located.

    The directive is curl.cainfo

    Set it, or at least read its value and place your file at the right position.

    See: http://php.net/manual/en/curl.configuration.php

    打赏 评论

相关推荐 更多相似问题