不接受证书。无法设置私钥文件

I try to make a connection through SoapClient. I need a certificate for this. I received a .pfx certificate. I used the following command to create a .pem file.

我尝试通过SoapClient建立连接。我需要一张证明。我获得了。pfx证书。我使用以下命令创建.pem文件。

openssl pkcs12 -in cert.pfx -out cert.pem -nodes

There is a password in the certificate so I need to enter it before I get the cert.pem file. So far so good, I think.

证书中有一个密码，所以我需要在获取cert.pem文件之前输入它。到目前为止，我认为还不错。

Now I try to connect to the WSDL service.

现在我尝试连接到WSDL服务。

$url = "https://test.website.com/webservices/transfer.asmx?WSDL";
$cert = '/path/to/cert.pem';
$passphrase = "12345678";                                               

$soapClient = new SoapClient($url, array('local_cert'=>$cert,'passphrase'=>$passphrase));

I get the following error:

我得到以下错误:

(Warning) SoapClient::SoapClient(): Unable to set private key file `/var/www/vhosts/............./cert.pem'

(警告)SoapClient: SoapClient: SoapClient():无法设置私人密钥文件……/var/www/vhosts/ cert.pem

I think the problem is the certificate. Is the way that I converted the .pfx to a .pem the correct way?

我认为问题出在证书上。我把。pfx转换成。pem的方法正确吗?

1 个解决方案

#1

The problem you're running into is that a .pem certificate is always supposed to be an encrypted file. According to the OpenSSL docs for the pkcs12 command when you used -nodes it didn't encrypt anything, rather put each node into plain text, which caused the .pem certificate to be invalid and your SoapClient couldn't parse the invalid file.

您遇到的问题是.pem证书始终应该是加密文件。根据pkcs12命令的OpenSSL文档，当您使用-nodes时，它没有加密任何东西，而是将每个节点放入纯文本中，这导致.pem证书无效，您的SoapClient无法解析无效的文件。

To fix this, hopefully you haven't deleted the original cert.pfx, just re-convert it using this line:

要解决这个问题，希望您没有删除原始的cert.pfx，只需使用以下代码重新转换它:

openssl pkcs12 -in cert.pfx -out cert.pem -clcerts

and your cert.pem file will be correct.

你的cert.pem文件将是正确的。

#1