您的位置: 首页  >  技术问答  >  具有SSL证书的cURL失败:错误58无法设置私钥文件

具有SSL证书的cURL失败:错误58无法设置私钥文件

分类: 技术问答 2022-04-17 17:52:58
问题描述:

我正在尝试使用cURL连接到远程主机.连接需要使用证书和受密码保护的私钥.到目前为止,我无法使用以下代码:

I'm trying to connect to a remote host using cURL. The connection requires the use of a certificate and a private key which is password protected. So far I'm unsuccessful with this code below:

<?php
    $wsdl       = 'https://domain.com/?wsdl';
    $certFile   = getcwd() . '/auth/cert.pem';
    $keyFile    = getcwd() . '/auth/key.pem';
    $password   = 'pwd';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL,           $wsdl);
    curl_setopt($ch, CURLOPT_SSLCERT,       $certFile);
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD,  $password);
    curl_setopt($ch, CURLOPT_SSLKEY,        $keyFile);
    #curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
    #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    $output = curl_exec($ch);

    var_dump(curl_errno($ch));
    var_dump(curl_error($ch));

我一直得到的结果是错误58:unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM.

The result I keep getting is error 58: unable to set private key file: '/home/.../domains/.../public_html/auth/key.pem' type PEM.

到目前为止我已经尝试过的事情:

Things I've tried so far:

  • 按照以下建议检查密钥文件是否可读:无法使用libcurl访问需要客户端身份验证的网站.到目前为止没有运气.
  • 玩弄了其他一些选项,例如SLL_VERIFY_PEERSSL_VERIFY_HOSTSSL_CERTTYPE和其他对于官方PHP文档而言似乎微不足道的选项.到目前为止没有运气.
  • Check if the key-file is readable as suggested here: Unable to use libcurl to access a site requiring client authentication. Trying to pass the file through openssl_private_key() gives me a resource, and not a boolean. So this seems good.
  • Switch the order of the content in the key.pem file as suggested here: Unable to use libcurl to access a site requiring client authentication. No luck so far.
  • Played around with some other options like SLL_VERIFY_PEER, SSL_VERIFY_HOST, SSL_CERTTYPE and other options which seemed trivial regarding the official PHP-docs. No luck so far.

我很确定问题出在我的配置中,但是我不确定在哪里看.

I'm pretty sure the problem lies somehwere in my configuration, but I'm not sure where to look.

我已解决此问题.我认为,由于与此问题相关的问题数量众多,并且解决方案数量众多,因此其他人将从该解决方案中受益.去吧:

I've fixed this problem. I think, due to the number of questions regarding this issue and number of different solutions, others will benefit from the solution. Here goes:

我使用openssl CLI程序将.p12密钥文件转换为.pem密钥文件.诀窍是转换发生的方式.

I used the openssl CLI program to convert the .p12 key-file to a .pem key-file. The trick is the way the conversion takes place.

首先,我使用此命令对其进行了转换,但遇到了问题中所述的问题:

First I converted it with this command and I had the issue as described in the question:

openssl pkcs12 -in key.p12 -out key.pem -nodes -clcerts

虽然以下命令确实有效:

While the command below did the actual trick:

openssl pkcs12 -in key.p12 -out key.pem -clcerts

有关更多信息,请参见我使用的来源: https://community.qualys.com/docs/DOC-3273

For more info please see the source I used: https://community.qualys.com/docs/DOC-3273

相关推荐