cURL 不喜欢 ssl 证书中的主题和主机名不匹配

cURL doesn't like the subject and host name mismatch in the ssl cert

我正在尝试自学 SSL 的工作原理。我需要通过 cURL 上的 rest 和 https 连接两台服务器。我得到了 crt 和 key selfsigned ok,浏览器通常询问你确定......打印全局变量显示 ssl apache 引擎正在工作......但 curl 不是......这是代码(我正在尝试从 debian 上的虚拟框到 debian 开发服务器的 cURL):

$url = 'https://local.domain.net/curl.php';

        // OK cool - then let's create a new cURL resource handle
        $ch = curl_init($url);

        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // Set a referer
        //curl_setopt($ch, CURLOPT_REFERER, "http://www.internal-server.co.uk");

        // User agent
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/1.0");

        // Timeout in seconds
        //curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        //don't verify the signiture
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

        // Include header in result? (0 = yes, 1 = no)
        //curl_setopt($ch, CURLOPT_HEADER, 0 );

        // Should cURL return or print out the data? (true = return, false = print)
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        //set the basic auth to any then set the creds
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
        $username = self::$http_username;
        $password = self::$http_password;
        curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");

        $status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);   //get status code

        // Download the given URL, and return output
        $output = curl_exec($ch);

        // Close the cURL resource, and free system resources
        curl_close($ch);

        print_r($output);

        echo '


';

当我在命令行上 运行 以上 php 时,我得到以下信息:

0* About to connect() to local.domain.net port 443 (#0)
*   Trying 192.168.1.110...
* connected
* Connected to local.domain.net (192.168.1.110) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=internal-server
*        start date: 2014-11-09 21:40:16 GMT
*        expire date: 2024-11-06 21:40:16 GMT
*** SSL: certificate subject name 'internal-server' does not match target host name 'local.domain.net'**
* Closing connection #0

ssl 证书和密钥是通过以下方式在开发服务器上创建的:

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt

它很好地创建了证书和密钥,当我通过浏览器连接时,通常是 'are you sure'...但是由于某种原因,通过 php 的 cURL 不会玩球..

是否可以使用 openSSL 手动设置证书的主题?

certificate subject name 'internal-server' does not match target host name 'local.domain.net'

SSL 证书绑定到特定域。 OpenSSL在创建证书的时候,应该会要求你输入域名(local.domain.net).

浏览器向您显示警告不仅是因为您使用了自签名证书,还因为它与域不匹配。此警告可能有很多不同的原因。