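PHP version: 5.6.29
OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
When calling the WeChat "send red packet" API, curl fails with the error: Peer's Certificate issuer is not recognized.
1) It had always run fine before, and the code has not changed.
2) Users retry the withdrawal several times, and it occasionally succeeds.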
| CURL option | Description |
| --- | --- |
| CURLOPT_SSLCERT | set SSL client certificate |
| CURLOPT_SSLKEY | specify private keyfile for TLS and SSL client cert |
| CURLOPT_CAINFO | path to Certificate Authority (CA) bundle |
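Attempted solutions:
1) This situation mostly occurs with self-signed certificates. The error means that the authority that issued the certificate is not trusted and cannot be recognized.
The fix is to append the contents of cacert.pem, the public-key file of the private CA that issued the certificate, to /etc/pki/tls/certs/ca-bundle.crt.
On inspection, /etc/pki/tls/certs/ca-bundle.crt already contained the contents of the rootca.pem published by WeChat.
Tried removing the CURLOPT_CAINFO setting, which had been set to the rootca.pem provided by WeChat.
After the change, the "Peer's Certificate issuer is not recognized." log entries no longer appeared; problem solved.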
Looking up the meaning of CURLOPT_CAINFO:
Note: For SSL engines that don't support certificate files the CURLOPT_CAINFO option is ignored. Refer to
https://curl.haxx.se/docs/ssl-compared.html
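
The request setup discussed above, as an added PHP example that is not the original author's code: it keeps server verification on, sets CURLOPT_CAINFO only when a path is passed, and records the TLS backend and peer IP on failure so an intermittent error can be traced. The function name, its parameters and any paths or URLs passed to it are hypothetical.

```php
<?php
// Added example, not the original author's code. The function name, the
// parameters and all paths/URLs passed to it are hypothetical.

/**
 * POST a payload with a client certificate and return diagnostics with the body.
 * $caInfo = null leaves CURLOPT_CAINFO unset, so curl uses its default trust store.
 */
function post_with_client_cert($url, $body, $certPath, $keyPath, $caInfo = null)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 30,
        // Server verification stays on; only the trust source changes.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        // Client certificate and private key (see the option table above).
        CURLOPT_SSLCERT        => $certPath,
        CURLOPT_SSLKEY         => $keyPath,
    ));
    if ($caInfo !== null) {
        // Trusting a single root file: the request fails if the server's
        // chain is issued by any CA that is not in this file.
        curl_setopt($ch, CURLOPT_CAINFO, $caInfo);
    }

    $response = curl_exec($ch);
    $version  = curl_version();
    $result = array(
        'ok'          => $response !== false,
        'body'        => $response === false ? null : $response,
        'errno'       => curl_errno($ch),
        'error'       => curl_error($ch),
        'http_code'   => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        // Which server answered; useful when only some attempts fail.
        'peer_ip'     => curl_getinfo($ch, CURLINFO_PRIMARY_IP),
        // TLS library curl was built against; it decides how CAINFO is handled.
        'tls_backend' => $version['ssl_version'],
        'cainfo_used' => $caInfo === null ? '(curl default)' : $caInfo,
        'ini_cainfo'  => ini_get('curl.cainfo'),
    );
    curl_close($ch);
    if (!$result['ok']) {
        error_log('curl TLS failure: ' . json_encode($result));
    }
    return $result;
}
```

Calling it once with `$caInfo` set to the rootca.pem path and once with `null` against the same endpoint shows whether the pinned file or the default bundle is the one that fails to cover the server's chain.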