证书CA软件包文件:PEM - PHP / cURL - 本地安装...?
我使用Windows Server 2008 R2(使用IIS),PHP 5.6.0和cURL 7.36.0来测试PayPal的TLS测试网址:
I'm using Windows Server 2008 R2 (with IIS), PHP 5.6.0 and cURL 7.36.0 to test against PayPal's TLS test URL:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');
$result = curl_exec($ch);
curl_close($ch);
当我使用 CURLOPT_CAINFO 和 cacert.pem 来自 http://curl.haxx.se /docs/caextract.html 它的工作原理,我得到:
When I use CURLOPT_CAINFO and cacert.pem from http://curl.haxx.se/docs/caextract.html it works and I get:
PayPal_Connection_OK
PayPal_Connection_OK
当我不使用 CURLOPT_CAINFO 时出现这个错误:
When I don't use CURLOPT_CAINFO I get this error:
SSL证书问题:无法获取本地颁发者证书
SSL certificate problem: unable to get local issuer certificate
p>
I've tried this:
- mmc
- 文件>添加/删除管理单元
- Certificates(Local Computer)
- 受信任的根证书颁发机构>证书
- 所有任务>导入
-
cacert.pem - 消息:导入成功
- mmc
- File > Add/remove snap-in
- Certificates (Local Computer)
- Trusted Root Certification Authorities > Certificates
- All tasks > Import
- Select
cacert.pem - Message: "The import was successful"
但是这没有什么区别,我仍然必须使用 CURLOPT_CAINFO 才能工作。
However this has made no difference, I still have to use CURLOPT_CAINFO for it to work.
有没有办法我可以安装所有这些根证书在我们的Windows服务器,所以我不必使用 CURLOPT_CAINFO 和 cacert
Is there any way I can install all these root certificates on our Windows Server so that I don't have to use CURLOPT_CAINFO and cacert.pem with every call I make..?
您可以利用您的php.ini设置cacert.pem所在位置的绝对路径。
You can leverage your php.ini to set the absolute path of where the cacert.pem is located.
指令 curl.cainfo