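I'm having a terrible time getting SSL to verify a certificate. I'm completely ignorant of how certificates work, which is a major handicap to begin with. Here is the error I get when running the script: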
c:/Ruby191/lib/ruby/1.9.1/net/http.rb:611:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
Here is the relevant code:
client = Savon::Client.new order_svc
request = client.create_empty_cart { |soap, http|
  http.auth.ssl.cert_file = 'mycert.crt'
  http.auth.ssl.verify_mode = :none
  http.read_timeout = 90
  http.open_timeout = 90
  http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
    "wsdl:brand" => brand,
    "wsdl:parnter" => [
      { "open:catalogName" => catalogName, "open:partnerId" => partnerId }
    ]
  }.to_soap_xml
}
Any help is appreciated.

Solution

Check your cert.pem and your key.pem.

The cert key should have one:
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIKG1DIagAAAAAAAzANBgkqhkiG9w0BAQsFADCBvDEkMCIG
....
-----END CERTIFICATE-----
Your key.pem should have:
-----BEGIN PRIVATE KEY-----
CSqGSIb3DQEJARYVY2Fjb250YWN0QGVzY3JlZW4uY29tMQswCQYDVQQGEwJVUzEP
....
-----END PRIVATE KEY-----
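It may have some certs in it too, but that doesn't matter. (Although it does matter for me: curl doesn't work without the extra certs.)

The webservice I am talking to has a good root CA, but the client auth keys are not trusted, so this is probably why the extra certs make curl work.

Getting these out of the client certificate was what caused my problems.

Here is what worked for me.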
openssl pkcs12 -in Client.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in Client.pfx -nodes -out key.pem
Each will prompt you for a password.

You can set a PEM password if you want. (You would have to set it later in the Ruby code.)
require 'savon'
client = Savon::Client.new "https://service/Service.asmx?wsdl"
client.http.auth.ssl.cert_key_file = "key.pem"
client.http.auth.ssl.cert_file = "cert.pem"
client.http.auth.ssl.verify_mode = :peer
p client.wsdl.soap_actions
You can also test with curl:
curl -v -E key.pem https://services/Service.asmx?wsdl
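
The check the answer describes (cert.pem holds a CERTIFICATE block, key.pem holds a PRIVATE KEY block), written out as an added Ruby example that is not part of the original answer; it goes one step further and confirms that the key belongs to the certificate. The helper names `pem_blocks`, `check_client_pair` and `sample_pair` are made up for this illustration, and the sample key and certificate are constructed in memory.

```ruby
require 'openssl'

# One PEM block: group 1 is the whole block, group 2 its label.
PEM_BLOCK = /(-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \2-----)/m

# Return [label, pem_text] pairs for every PEM block in the text. Free text
# between blocks (the "Bag Attributes" lines that `openssl pkcs12` writes)
# is ignored.
def pem_blocks(text)
  text.scan(PEM_BLOCK).map { |pem, label| [label, pem] }
end

# cert.pem must contain a CERTIFICATE block, key.pem a private key block,
# and the private key must belong to that certificate.
# Returns :ok or a symbol naming the first problem found.
def check_client_pair(cert_text, key_text, passphrase = nil)
  cert_pem = pem_blocks(cert_text).find { |label, _| label == 'CERTIFICATE' }
  key_pem  = pem_blocks(key_text).find { |label, _| label.end_with?('PRIVATE KEY') }
  return :no_certificate_in_cert_file unless cert_pem
  return :no_private_key_in_key_file unless key_pem

  cert = OpenSSL::X509::Certificate.new(cert_pem[1])
  key  = OpenSSL::PKey.read(key_pem[1], passphrase)
  return :key_does_not_match_certificate unless cert.check_private_key(key)
  :ok
end

# Constructed sample data: a throwaway RSA key and self-signed certificate,
# generated in memory so the example runs without any files.
def sample_pair
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example-client')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_pair.rb cert.pem key.pem (falls back to the sample pair)
  cert_text, key_text = ARGV.size == 2 ? ARGV.map { |f| File.read(f) } : sample_pair
  puts check_client_pair(cert_text, key_text)
end
```

Swapped files, or a key.pem exported from a different .pfx than cert.pem, show up here as a named symbol instead of a handshake error inside Net::HTTP.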