PHP SSL问题:更新系统CA证书\添加自签名证书到信任链

❌ SSL证书验证失败 - 自签名证书不被PHP信任,更新系统CA证书\添加自签名证书到信任链 #!/bin/bashecho "=== 完全修复PHP SSL问题 ===" # 1. 更新系统CA证书echo "1. 更新系统CA证书..."sudo apt-get updatesudo apt-get install -y ca-certificatessudo update-ca-certificates # 2. 将自签名证书添加到系统信任链echo "2. 添加自签名证书到信任链..."if [ -f /etc/postfix/ssl/smtpd.cert ]; thensudo cp /etc/postfix/ssl/smtpd.cert /usr/local/share/ca-certificates/postfix-selfsigned.crtsudo update-ca-certificatesfi # 3. 修改PHP的SSL配置echo "3. 修改PHP SSL配置..."for phpini in $(find /etc/php -name "php.ini" 2>/dev/null); doecho "修改 $phpini"# 添加或修改openssl配置sudo sed -i '/^;openssl.cafile/d' "$phpini"sudo sed -i '/^;openssl....

继续阅读完整内容

支持我们的网站，请点击查看下方广告

❌ SSL证书验证失败 - 自签名证书不被PHP信任,更新系统CA证书\添加自签名证书到信任链

#!/bin/bash
echo "=== 完全修复PHP SSL问题 ==="

# 1. 更新系统CA证书
echo "1. 更新系统CA证书..."
sudo apt-get update
sudo apt-get install -y ca-certificates
sudo update-ca-certificates

# 2. 将自签名证书添加到系统信任链
echo "2. 添加自签名证书到信任链..."
if [ -f /etc/postfix/ssl/smtpd.cert ]; then
sudo cp /etc/postfix/ssl/smtpd.cert /usr/local/share/ca-certificates/postfix-selfsigned.crt
sudo update-ca-certificates
fi

# 3. 修改PHP的SSL配置
echo "3. 修改PHP SSL配置..."
for phpini in $(find /etc/php -name "php.ini" 2>/dev/null); do
echo "修改 $phpini"
# 添加或修改openssl配置
sudo sed -i '/^;openssl.cafile/d' "$phpini"
sudo sed -i '/^;openssl.capath/d' "$phpini"
echo "openssl.cafile = /etc/ssl/certs/ca-certificates.crt" | sudo tee -a "$phpini"
echo "openssl.capath = /etc/ssl/certs" | sudo tee -a "$phpini"
done

# 4. 创建PHP SSL测试脚本
echo "4. 创建高级SSL测试脚本..."
cat > /tmp/advanced_ssl_test.php << 'PHP'
<?php
echo "高级SSL邮件系统测试\n";
echo "===================\n\n";

// 测试1：检查系统SSL配置
echo "测试1: SSL系统配置\n";
echo "PHP版本: " . phpversion() . "\n";
echo "OpenSSL版本: " . OPENSSL_VERSION_TEXT . "\n";
echo "openssl.cafile: " . ini_get('openssl.cafile') . "\n";
echo "openssl.capath: " . ini_get('openssl.capath') . "\n\n";

// 测试2：检查证书文件
echo "测试2: 证书文件检查\n";
$certFile = '/etc/postfix/ssl/smtpd.cert';
if (file_exists($certFile)) {
echo "证书文件存在: $certFile\n";
$certData = openssl_x509_parse(file_get_contents($certFile));
if ($certData) {
echo "证书主题: " . $certData['name'] . "\n";
echo "有效期从: " . date('Y-m-d', $certData['validFrom_time_t']) . "\n";
echo "有效期至: " . date('Y-m-d', $certData['validTo_time_t']) . "\n";
}
} else {
echo "证书文件不存在\n";
}
echo "\n";

// 测试3：多方法SSL连接测试
echo "测试3: SSL连接方法比较\n";

$methods = [
['name' => 'stream_socket_client', 'func' => 'test_stream_socket'],
['name' => 'fsockopen + crypto', 'func' => 'test_fsockopen_crypto'],
['name' => 'curl (如果有)', 'func' => 'test_curl'],
];

function test_stream_socket() {
$context = stream_context_create([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
]
]);

try {
$socket = stream_socket_client(
'ssl://localhost:465',
$errno,
$errstr,
5,
STREAM_CLIENT_CONNECT,
$context
);

if ($socket

继续阅读完整内容

登陆