问题
The new certificate is "Symantec Class 3 EV SSL CA - G3". The client has CentOS. There is no control over the server, it is third party. When the WDSL https address is loaded in Firefox and Chrome, both browsers show "Secure connection", no problem.
The WSDL address is https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL
Test code:
$success = false;
$attempts = 0;
while (($success === false) && ($attempts < 10)) {
$attempts ++;
echo 'Attempt ' . $attempts . '<br>';
try {
$wsdl = 'https://palena.sii.cl/DTEWS/CrSeed.jws?WSDL';
$entity_loader_status_old = libxml_disable_entity_loader(false);
$SoapClient = new SoapClient($wsdl);
$seed = $SoapClient -> getSeed();
libxml_disable_entity_loader($entity_loader_status_old);
$success = true;
} catch (Exception $Exception) {
echo $Exception -> getMessage() . '<br>';
}
}
if ($success === true) {
echo 'SUCCESS';
} else {
echo 'ERROR';
}
The connection is secure by default, because the PHP version is 5.6.22 (more than 5.5.x).
回答1:
Possible duplicate: OpenSSL: unable to verify the first certificate for Experian URL
To solve create a cafile.pem and concatenate the required Symantec certificates (primary intermediate and root) as shown in the possible duplicate question link above (see spuder's answer).
The cafile.pem to create as quoted from spuder:
-----BEGIN CERTIFICATE----- (Your Primary SSL certificate: your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate: DigiCertCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate: TrustedRoot.crt) -----END CERTIFICATE-----
Then in PHP use the next $options for creating the SoapClient object:
$options = [
'stream_context' => stream_context_create([
'ssl' => [
'cafile' => __DIR__ . '/cafile.pem',
],
]),
];
$SoapClient = new SoapClient($wsdl, $options);
来源:https://stackoverflow.com/questions/41175867/php-secure-connection-with-wsdl-service-breaks-after-server-renewed-certificate