0

您好,我突然开始收到此错误 curl_error: Peer certificate cannot be authenticated with known CA certificate on paypal transactions on my site. 证书名称是 VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt 并且似乎有效并且似乎是中间证书。代码如下,但它工作了多年。

  curl_setopt($conn, CURLOPT_HEADER, 0);
  curl_setopt($conn, CURLOPT_NOBODY, 0);
  curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($conn, CURLOPT_SSL_VERIFYHOST, 2);
  curl_setopt($conn, CURLOPT_CAINFO, getcwd() . "/CAcerts/VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt");
  curl_setopt($conn, CURLOPT_HTTPPROXYTUNNEL, 1);
  curl_setopt($conn, CURLOPT_PROXYTYPE, "CURLPROXY_HTTP");
  curl_setopt($conn, CURLOPT_PROXYAUTH, "CURLAUTH_BASIC");
  curl_setopt($conn, CURLOPT_POST, 1);
  curl_setopt($conn, CURLOPT_POSTFIELDS, $postString);
  curl_setopt($ch, CURLOPT_TIMEOUT, 15);

该网站是一个简单的主机,没有 ssh。我应该怎么办?我应该安装新证书吗?如果是的话,什么证书和正确的程序是什么?

4

1 回答 1

0

文件 /CAcerts/VeriSignClass3PublicPrimaryCertificationAuthority-G5.crt 已过期。

更新到能够验证您要连接到的 PayPal 服务器证书的颁发者的版本。

您可以在此处下载更新的证书颁发机构包:https ://curl.haxx.se/docs/caextract.html

将该 .pem 文件放在 /CAcerts/ 之类的位置,然后更改指向它的路径。

于 2020-03-16T17:20:38.787 回答