我想要做的是通过客户端证书到我的PHP页面。 为了testing,我在Linuxterminal上使用curl :
curl --cert cert.pem 'https://example.com/test.php'
在test.php ,我已经设置为打印$_SERVER超全局:
<?php print_r($_SERVER); ?>
在Apache中,我有以下选项:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ... SSLVerifyClient optional_no_ca SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData ... </VirtualHost> </IfModule>
在执行我的curl命令后,我看到$_SERVER['SSL_CLIENT_CERT']variables是空的:
Array ( [HTTPS] => on [SSL_TLS_SNI] => example.com [SSL_SERVER_CERT] => -- REDACTED -- [SSL_CLIENT_CERT] => [HTTP_USER_AGENT] => curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 [HTTP_HOST] => example.com [HTTP_ACCEPT] => */* [PATH] => /usr/local/bin:/usr/bin:/bin [SERVER_SIGNATURE] => <address>Apache/2.2.22 (Ubuntu) Server at example.com Port 443</address> [SERVER_SOFTWARE] => Apache/2.2.22 (Ubuntu) [SERVER_NAME] => example.com [SERVER_ADDR] => 10.1.26.199 [SERVER_PORT] => 443 [REMOTE_ADDR] => 10.1.26.241 [DOCUMENT_ROOT] => /vol1/sites [SERVER_ADMIN] => [no address given] [SCRIPT_FILENAME] => /vol1/sites/test.php [REMOTE_PORT] => 33400 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /test.php [SCRIPT_NAME] => /test.php [PHP_SELF] => /test.php [REQUEST_TIME] => 1487370411 )
我错过了什么?
我感到愚蠢! 但是,这是对我来说固定的东西:
它不应该将虚拟主机定义为<VirtualHost _default_:443> ,而应该使用星号来定义: <VirtualHost *:443> 。
默认的Apache安装有_default_行,这很容易忽略,直到你需要改变!