![PHP $_SERVER['SSL_CLIENT_CERT'] 为空](https://linux22.com/image/699062/PHP%20%24_SERVER%5B'SSL_CLIENT_CERT'%5D%20%E4%B8%BA%E7%A9%BA.png)
我想要做的是将客户端证书传递到我的 PHP 页面。为了进行测试,我curl在 Linux 终端上使用:
curl --cert cert.pem 'https://example.com/test.php'
在测试.php,我已将其设置为打印$_SERVER超全局:
<?php
print_r($_SERVER);
?>
在 Apache 中,我有以下选项:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
...
SSLVerifyClient optional_no_ca
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
...
</VirtualHost>
</IfModule>
执行我的命令后curl,我看到$_SERVER['SSL_CLIENT_CERT']变量是空的:
Array
(
[HTTPS] => on
[SSL_TLS_SNI] => example.com
[SSL_SERVER_CERT] => -- REDACTED --
[SSL_CLIENT_CERT] =>
[HTTP_USER_AGENT] => curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
[HTTP_HOST] => example.com
[HTTP_ACCEPT] => */*
[PATH] => /usr/local/bin:/usr/bin:/bin
[SERVER_SIGNATURE] => <address>Apache/2.2.22 (Ubuntu) Server at example.com Port 443</address>
[SERVER_SOFTWARE] => Apache/2.2.22 (Ubuntu)
[SERVER_NAME] => example.com
[SERVER_ADDR] => 10.1.26.199
[SERVER_PORT] => 443
[REMOTE_ADDR] => 10.1.26.241
[DOCUMENT_ROOT] => /vol1/sites
[SERVER_ADMIN] => [no address given]
[SCRIPT_FILENAME] => /vol1/sites/test.php
[REMOTE_PORT] => 33400
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /test.php
[SCRIPT_NAME] => /test.php
[PHP_SELF] => /test.php
[REQUEST_TIME] => 1487370411
)
我错过了什么?
答案1
我觉得自己很愚蠢!但以下方法可以帮助我解决这个问题:
不要将虚拟主机定义为<VirtualHost _default_:443>,而应使用星号 来定义:<VirtualHost *:443>。
默认的 Apache 安装有此_default_行,很容易被忽视,直到您需要更改它!