cURL 不喜欢 ssl 证书中的主题和主机名不匹配
cURL doesn't like the subject and host name mismatch in the ssl cert
我正在尝试自学 SSL 的工作原理。我需要通过 cURL 上的 rest 和 https 连接两台服务器。我得到了 crt 和 key selfsigned ok,浏览器通常询问你确定......打印全局变量显示 ssl apache 引擎正在工作......但 curl 不是......这是代码(我正在尝试从 debian 上的虚拟框到 debian 开发服务器的 cURL):
$url = 'https://local.domain.net/curl.php';
// OK cool - then let's create a new cURL resource handle
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
// Set a referer
//curl_setopt($ch, CURLOPT_REFERER, "http://www.internal-server.co.uk");
// User agent
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/1.0");
// Timeout in seconds
//curl_setopt($ch, CURLOPT_TIMEOUT, 10);
//don't verify the signiture
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Include header in result? (0 = yes, 1 = no)
//curl_setopt($ch, CURLOPT_HEADER, 0 );
// Should cURL return or print out the data? (true = return, false = print)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//set the basic auth to any then set the creds
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
$username = self::$http_username;
$password = self::$http_password;
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); //get status code
// Download the given URL, and return output
$output = curl_exec($ch);
// Close the cURL resource, and free system resources
curl_close($ch);
print_r($output);
echo '
';
当我在命令行上 运行 以上 php 时,我得到以下信息:
0* About to connect() to local.domain.net port 443 (#0)
* Trying 192.168.1.110...
* connected
* Connected to local.domain.net (192.168.1.110) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=internal-server
* start date: 2014-11-09 21:40:16 GMT
* expire date: 2024-11-06 21:40:16 GMT
*** SSL: certificate subject name 'internal-server' does not match target host name 'local.domain.net'**
* Closing connection #0
ssl 证书和密钥是通过以下方式在开发服务器上创建的:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt
它很好地创建了证书和密钥,当我通过浏览器连接时,通常是 'are you sure'...但是由于某种原因,通过 php 的 cURL 不会玩球..
是否可以使用 openSSL 手动设置证书的主题?
certificate subject name 'internal-server' does not match target host name 'local.domain.net'
SSL 证书绑定到特定域。 OpenSSL在创建证书的时候,应该会要求你输入域名(local.domain.net).
浏览器向您显示警告不仅是因为您使用了自签名证书,还因为它与域不匹配。此警告可能有很多不同的原因。
我正在尝试自学 SSL 的工作原理。我需要通过 cURL 上的 rest 和 https 连接两台服务器。我得到了 crt 和 key selfsigned ok,浏览器通常询问你确定......打印全局变量显示 ssl apache 引擎正在工作......但 curl 不是......这是代码(我正在尝试从 debian 上的虚拟框到 debian 开发服务器的 cURL):
$url = 'https://local.domain.net/curl.php';
// OK cool - then let's create a new cURL resource handle
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
// Set a referer
//curl_setopt($ch, CURLOPT_REFERER, "http://www.internal-server.co.uk");
// User agent
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/1.0");
// Timeout in seconds
//curl_setopt($ch, CURLOPT_TIMEOUT, 10);
//don't verify the signiture
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Include header in result? (0 = yes, 1 = no)
//curl_setopt($ch, CURLOPT_HEADER, 0 );
// Should cURL return or print out the data? (true = return, false = print)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//set the basic auth to any then set the creds
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
$username = self::$http_username;
$password = self::$http_password;
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); //get status code
// Download the given URL, and return output
$output = curl_exec($ch);
// Close the cURL resource, and free system resources
curl_close($ch);
print_r($output);
echo '
';
当我在命令行上 运行 以上 php 时,我得到以下信息:
0* About to connect() to local.domain.net port 443 (#0)
* Trying 192.168.1.110...
* connected
* Connected to local.domain.net (192.168.1.110) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: CN=internal-server
* start date: 2014-11-09 21:40:16 GMT
* expire date: 2024-11-06 21:40:16 GMT
*** SSL: certificate subject name 'internal-server' does not match target host name 'local.domain.net'**
* Closing connection #0
ssl 证书和密钥是通过以下方式在开发服务器上创建的:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt
它很好地创建了证书和密钥,当我通过浏览器连接时,通常是 'are you sure'...但是由于某种原因,通过 php 的 cURL 不会玩球..
是否可以使用 openSSL 手动设置证书的主题?
certificate subject name 'internal-server' does not match target host name 'local.domain.net'
SSL 证书绑定到特定域。 OpenSSL在创建证书的时候,应该会要求你输入域名(local.domain.net).
浏览器向您显示警告不仅是因为您使用了自签名证书,还因为它与域不匹配。此警告可能有很多不同的原因。