CA证书,用来在调用HTTPS资源的时候,验证对方网站是否是CA颁布的证书,而不是自己随便生成的
curl命令
1.需要下载CA证书 文件地址是 http://curl.haxx.se/ca/cacert.pem
2.把下载的文件放到这个位置 /etc/pki/tls/certs/ca-bundle.crt
3.curl就可以访问https的资源了
function post($url,$data=array(),$refer = "",$timeout = 30,$header = array()){ $curlObj = curl_init(); $ssl = stripos($url,'https://') === 0 ? true : false; $options = array( CURLOPT_URL => $url,CURLOPT_RETURNTRANSFER => 1,CURLOPT_POST => 1,CURLOPT_POSTFIELDS => $data,CURLOPT_FOLLOWLOCATION => 1,CURLOPT_AUTOREFERER => 1,CURLOPT_USERAGENT => 'Webface SelfService Form',CURLOPT_TIMEOUT => $timeout,CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_0,CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,CURLOPT_REFERER => $refer ); if (!empty($header)) { $options[CURLOPT_HTTPHEADER] = $header; } if ($refer) { $options[CURLOPT_REFERER] = $refer; } if ($ssl) { //注意看这里就是配置CA证书 //只信任CA颁布的证书 $options[CURLOPT_SSL_VERIFYPEER]=true; //本地CA证书,用来验证网站的证书是否是CA颁布的 $options[CURLOPT_CAINFO]=getcwd() . '/cacert.pem'; //验证域名是否匹配 $options[CURLOPT_SSL_VERIFYHOST] = 2; /* //忽略证书验证,信任任何证书 $options[CURLOPT_SSL_VERIFYHOST] = false; $options[CURLOPT_SSL_VERIFYPEER] = false; */ } curl_setopt_array($curlObj,$options); $returnData = curl_exec($curlObj); if (curl_errno($curlObj)) { $returnData = curl_error($curlObj); } curl_close($curlObj); return $returnData; } $res=post("https://www.baidu.com"); var_dump($res);