Tag Archives: Https

file_get_contents and fopen return false when requesting an HTTPS address. Error content: SSL routines:ssl3_get_server_certificate:certificate verify failed

Recently I found that file_get_contents and fopen in a project suddenly stopped working.

After troubleshooting, I found that access succeeds over HTTP, but with HTTPS an error is reported and false is returned.

At first, I thought it was an SSL certificate problem, so I changed the certificate and tried again; false was still returned. Detailed error log: SSL routines:ssl3_get_server_certificate:certificate verify failed

Still no luck.

The file_get_contents problem can be solved in the following three ways:

1. Modify the php.ini configuration file

For PHP under Windows, just open php.ini, delete the ; in front of extension=php_openssl.dll, and restart the service. (Note that allow_url_fopen must also be turned on.)

For PHP under Linux, you must install the OpenSSL module. After installation, you can access it.

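2. stream_context_create method

$url = 'https://example.com';
// Setting both options to false turns off certificate and host name checks:
// the request succeeds, but the server's identity is no longer verified.
$arrContextOptions = array(
    "ssl" => array(
        "verify_peer" => false,
        "verify_peer_name" => false,
    ),
);
$response = file_get_contents($url, false, stream_context_create($arrContextOptions));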

3. Replace file_get_contents with a curl function

function getSslPage($url) {
    /*  http://www.manongjc.com/article/1428.html */
    $ch = curl_init();
    // Turns off certificate chain verification for this request.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_REFERER, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}

I used method 2 to solve the file_get_contents problem temporarily, but I kept feeling that something was wrong, because access had worked before.

Later, fopen also failed and returned false.

I kept looking for information...

This is because PHP cannot verify the certificate. Look at phpinfo and find openssl.cafile; its path is set in the php.ini file.

The certificate file exists. It has probably expired. Replace the certificate.

You can download the latest CA certificate at the following address
https://curl.haxx.se/ca/cacert.pem

Replace the certificate and reload the PHP configuration; Perfect solution!!!
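
The check behind the fix above, as an added example that is not part of the original post: it reports which CA bundle PHP resolves, counts the certificates in it that are past their expiry date, and then fetches a URL with verification left on instead of disabled as in methods 2 and 3. The function names are illustrative assumptions; it needs PHP 7 or later with the openssl extension.

```php
<?php
// Added example, not from the original post; function names are illustrative.

// The CA bundle PHP streams will use: php.ini openssl.cafile if set,
// otherwise OpenSSL's compiled-in default file.
function resolveCaFile(): string {
    $ini = (string) ini_get('openssl.cafile');
    return $ini !== '' ? $ini : openssl_get_cert_locations()['default_cert_file'];
}

// Count the certificates in a PEM bundle and how many are past notAfter.
function inspectCaBundle(string $path): array {
    if (!is_readable($path)) {
        return ['readable' => false, 'total' => 0, 'expired' => 0];
    }
    $re = '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s';
    preg_match_all($re, file_get_contents($path), $m);
    $expired = 0;
    foreach ($m[0] as $pem) {
        $cert = openssl_x509_parse($pem);
        if ($cert !== false && $cert['validTo_time_t'] < time()) {
            $expired++;
        }
    }
    return ['readable' => true, 'total' => count($m[0]), 'expired' => $expired];
}

// Fetch with certificate and host name verification explicitly enabled.
function fetchVerified(string $url, string $caFile): string {
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => $caFile,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        $err = error_get_last()['message'] ?? 'unknown error';
        throw new RuntimeException("Verified fetch failed: $err");
    }
    return $body;
}

$ca = resolveCaFile();
print_r(['cafile' => $ca] + inspectCaBundle($ca));
if (isset($argv[1])) {   // optional: URL to test, e.g. https://example.com
    echo strlen(fetchVerified($argv[1], $ca)), " bytes fetched\n";
}
```

Run it from the command line before and after replacing cacert.pem; a bundle that is unreadable, empty or full of expired roots explains the "certificate verify failed" error without turning verification off.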

[Repost] "tunnel to… 443" appears when Fiddler captures packets

Repost:

1. When capturing HTTPS packets, the Fiddler session list displays the message "tunnel to… 443". What is the reason?
These CONNECT entries are the HTTPS handshake (that is, the authentication exchange, which appears whenever HTTPS is used). As long as the list is not filled entirely with "tunnel to… 443", there is no problem. We can choose to hide this kind of entry.
To hide them: in the menu bar, select Rules => Hide CONNECTs.

2. To decrypt the HTTPS traffic, you need to install a certificate on the mobile device
Android, iOS:

1. Open Fiddler on the PC

2. Set the proxy on the mobile device, and browse to http://[fiddlerserver]:[port]/FiddlerRoot.cer (for example http://192.168.1.121:8888/FiddlerRoot.cer)

3. The FiddlerRoot.cer certificate is downloaded automatically

4. Go to Settings – Advanced settings – Security – Install certificate from SD card – select FiddlerRoot.cer – install, until the device reports a successful installation

5. OK

3. On the PC

1. Delete the previous certificate: open the system certificate manager (Run => certmgr.msc => Enter), and in the manager that appears delete the certificate you generated before

2. Generate a new certificate with a tool called "fiddlercertmaker.exe". You can download it here (after the download succeeds, double-click to run it directly).

3. Reopen Fiddler and use Chrome/IE to open https://www.baidu.com/. This time the HTTPS messages are captured and decrypted successfully

4. Point the iOS device at Fiddler's proxy address. After the certificate has been installed online, use the native browser to open "https://www.baidu.com/"; Fiddler successfully captures the HTTPS data

5. When Fiddler captures Chrome's pages, Chrome may report that the connection is not secure and cannot be used. Install the SwitchySharp plug-in in Chrome and, in the plug-in, select General settings – check Quick switch – Use system proxy settings – OK. Fiddler automatically sets the proxy 127.0.0.1, port 8888, on the browser and remembers the browser's own proxy settings, so all requests go through the Fiddler proxy first and then the browser proxy. If a proxy plug-in is used, the Fiddler proxy may be blocked directly, so the requests cannot be monitored

4. Others

1. Chrome and IE use the system proxy, while Firefox uses its own independent proxy settings, so no matter whether Fiddler's "capturing" switch is turned on or not, it can't capture that browser's requests. We need to set Firefox's proxy settings to use the system proxy, or configure a manual proxy

2. The certificate management used by Firefox is also independent, while Chrome and IE use the system's certificate management. So if we want to use Fiddler to capture HTTPS packets in Firefox, we need to export Fiddler's root certificate to the desktop and then import it into Firefox's certificates. With Chrome and IE we don't need to import or export the certificate, because Fiddler's certificate is installed in the system's certificate management

3. If there is a problem with the certificate when using Fiddler, you can try to use "fiddlercertmaker.exe" to generate the certificate again

4. If you can't capture data from Android or iOS, and you can't install "fiddlercertmaker.exe" on your computer, try another Fiddler plug-in, "CertMaker for iOS and Android", which can be downloaded from the official website

Web service: downloading a file from an HTTPS link fails with javax.net.ssl.SSLKeyException: RSA premaster secret error

Question:

On the server, downloading a file from an HTTPS link reports javax.net.ssl.SSLKeyException: RSA premaster secret error

When running locally, no error is reported, but the error is reported on the server

Solution:

Load lib/ext/sunjce_provider.jar from the JRE directory

JRE directory: $JAVA_HOME/jre

Two ways to load sunjce_provider.jar:

1. Copy sunjce_provider.jar to the web project directory

2. Modify the startup script and add the JRE directory to the classpath

vi catalina.sh

In the elif [ "$1" = "start" ] ; then branch, add -Djava.ext.dirs to specify the directories from which additional jars are loaded, and separate multiple directories with ":"

eval $_NOHUP "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \
 -D$ENDORSED_PROP="\"$JAVA_ENDORSED_DIRS\"" \
 -classpath "\"$CLASSPATH\"" \
 -Djava.security.manager \
 -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \
 -Dcatalina.base="\"$CATALINA_BASE\"" \
  -Dcatalina.home="\"$CATALINA_HOME\"" \
  -Djava.ext.dirs="/opt/web/customscript/customlib:$JAVA_HOME/jre/lib/ext" \

HTTP protocol error: solution for com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl

Follow rising sun_24, please click:

https://blog.csdn.net/xuri24/article/details/82220333

Application server: JBoss server

JDK environment: JDK1.6

Communication protocol: HTTP/HTTPS

Scenario: integrating a local project with an external project (interface programming), especially bank integrations, etc.

Use the SDK provided by the external system, which encapsulates the HTTP communication protocol. Calling through the SDK on its own works normally. When it is imported into the local project for integration, the request fails with this error:

sun.net.www.protocol.http.HttpURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection