【发布时间】:2018-04-17 12:47:40
【问题描述】:
当我向我的专用服务器发出 https 请求时,我在验证我的证书时遇到了问题
我运行这个命令来创建我的证书和我的私钥:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -passout file:passphrase.txt -out cert.pem -days 365
当我运行命令以查看证书和密钥是否匹配时,它们匹配
然后,我已经设置了我的 ssl 服务器:
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
server_name mydomain.com;
ssl on;
ssl_certificate /pathtocert.pem;
ssl_certificate_key /pathtokey.pem;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
ssl_password_file /pathtopassphrase.txt;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /pathtocert.pem;
# Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;
但是当我执行我的 curl 请求时:
// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
"APIKEY: " . self::APIKEY,
'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, public_path() . "\CA\Something.crt");
// EXECUTE:
$result = curl_exec($curl);
我收到如下证书问题:
SSL:无法从对等证书中获取公用名
我必须简单地保护我的 API,这是我的目标。
【问题讨论】:
标签: php ssl curl nginx openssl