Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
688 views
in Technique[技术] by (71.8m points)

ssl - What exactly is cacert.pem for?

In my PayPal Pro payment page I use the cURL function curl_setopt_array() with the following option : cUIn CURLOPT_CAINFO => dirname(FILE) . '/cacert.pem'.

Works fine, however even after some research I don't understand what exactly is cacert.pem for. I don't understand the concept of "verification against" that is mentioned everywhere. And what is the relationship between this file and the .csr/.crt certificate I bought to my provider ?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

cacert.pem is a bundle of CA certificates that you use to verify that the server is really the correct site you're talking to (when it presents its certificate in the SSL handshake). The bundle can be used by tools like curl or wget, as well as other TLS/SSL speaking software. The bundle should contain the certificates for the CAs you trust. This bundle is sometimes referred to as the "CA cert store".

Example:

curl --cacert cacert.pem https://example.com

In the curl project, there's a cacert.pem being provided that is converted from the ca certs Mozilla ships for Firefox.

It is done by the use of digital signatures. For the full explanation of what a CA (certificate authority) is, I refer to wikipedia.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...