由此提问展开的步骤验证,亲测可用。
安装wechatpay-php包
composer require wechatpay/wechatpay
查看 composer 版本
执行
composer -V
打印出
Composer version 2.1.5 2021-07-23 10:35:47
查询当前可用命令
执行
composer exec -l
打印出
Available binaries:
- CertificateDownloader.php
平台证书下载工具帮助信息
执行
composer exec CertificateDownloader.php
打印出
Usage: 微信支付平台证书下载工具 [-hV]
-f=<privateKeyFilePath> -k=<apiv3Key> -m=<merchantId>
-s=<serialNo> -o=[outputFilePath] -u=[baseUri]
Options:
-m, --mchid=<merchantId> 商户号
-s, --serialno=<serialNo> 商户证书的序列号
-f, --privatekey=<privateKeyFilePath>
商户的私钥文件
-k, --key=<apiv3Key> APIv3密钥
-o, --output=[outputFilePath]
下载成功后保存证书的路径,可选,默认为临时文件目录夹
-u, --baseuri=[baseUri] 接入点,可选,默认为 https://api.mch.weixin.qq.com/
-V, --version Print version information and exit.
-h, --help Show this help message and exit.
下载
执行
composer exec CertificateDownloader.php -- -m 你的商户号 -s 40字节你的商户证书序列号 -f 你的apiclient_key.pem文件路径 -k 你的APIv3密钥 -o .
打印出
* Trying 101.226.137.13:443...
* Connected to api.mch.weixin.qq.com (101.226.137.13) port 443 (#0)
* ALPN, offering http/1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=CN; ST=Guangdong Province; L=Shenzhen; O=Shenzhen Tencent Computer Systems Company Limited; CN=payapp.weixin.qq.com
* start date: Jan 5 00:00:00 2021 GMT
* expire date: Feb 4 23:59:59 2022 GMT
* subjectAltName: host "api.mch.weixin.qq.com" matched cert's "api.mch.weixin.qq.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Site CN CA G3
* SSL certificate verify ok.
> GET /v3/certificates HTTP/1.1
Host: api.mch.weixin.qq.com
Accept: application/json, text/plain, application/x-gzip
Content-Type: application/json; charset=utf-8
User-Agent: wechatpay-php/1.1.3 GuzzleHttp/7 curl/7.78.0 (Darwin/17.7.0) PHP/7.2.34
Authorization: WECHATPAY2-SHA256-RSA2048 mchid="你的商户号",serial_no="40字节你的商户证书序列号",timestamp="1629856192",nonce_str="VUQqkOgKn6IQNnBZenJ9qodfI0CSYMeD",signature="s9oLRyuX4Y4Eb4fG9ZOz8dPutHmnnJAniNkTk/tpFGbAfo9fEDAGIepHpCbSKkthlAcOewdijHeYorEnn6TfJmixCxZU9M1A4YLE1tCVZ5Vu7gVpYOc6T94fi/9ZjPh0P6ql7xwkHvFJelE306ttx27JggbmmfOsYfHUfDROXqsbPXDIphCMGCzIqPTxa2f+RainXduVreHU7D2MB33GCf0B1uCfUSDS0K1mVOyMl4tYpGUx83PWlceCaw823Flse2ZTVoRta/p5dAT+CCi3vLgJ1kTv6sfEONvBXkCS7CM7V7iKcACgxzOaq/5aiHd7f4peXPs8eYlrmFAvNXs/jQ=="
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Wed, 25 Aug 2021 01:49:54 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 2168
< Connection: keep-alive
< Keep-Alive: timeout=8
< Cache-Control: no-cache, must-revalidate
< X-Content-Type-Options: nosniff
< Request-ID: 08C2C39689061490011889DFEEA30620F23528FB06-0
< Content-Language: zh-CN
< Wechatpay-Nonce: 384dadb556fb2baf92b2d4c1b07b7ae9
< Wechatpay-Signature: OnHwA+dXZr1CWKH1RtzTKftzc9i+arjMk/3vSkBfuP8H/txqRDcuppt0ZVQac4Tnzmy1wSwAYoeuFS9OfH0UKtLDx1XJCKhNxdgzGDaOY7FgQ+s9Y7SD7/41d2Yd3YiqA1FRjXw29liLQ8hwzqdjhv6F6ShU6m4Tp3oe99W/HvvK1QuQwlDqGfPl+bbtyNpbdYzI3I0fq3AW/USshxi5GH0ipf4VEGgSCH3iEXRbnu/zOnv4PneHS1OgAWTtRMsNcHa4orwQIk9JyTeR/ea4O3ts44WQWV4B8+eRGEyNyWnehEfbJuA6Wa6c3pU4NyPCxSjIrFw7qzUj7vvo1wn6hw==
< Wechatpay-Timestamp: 1629856194
< Wechatpay-Serial: samples
<
* Connection #0 to host api.mch.weixin.qq.com left intact
Certificate #0 {
Serial Number: 平台证书序列号
Not Before: 2020-04-22T09:43:19+08:00
Not After: 2025-04-21T09:43:19+08:00
Saved to: ./平台证书文件.pem
You may confirm the above infos again even if this library already did(by Crypto\Rsa::verify):
openssl x509 -in ./平台证书文件.pem -noout -serial -dates
Content:
-----BEGIN CERTIFICATE-----
MIID3DCCAsSgAwIBAgIUGpn29Q2WYL6wG3Qd+V5Yh2DSN1MwDQYJKoZIhvcNAQEL
BQAwXjELMAkGA1UEBhMCQ04xEzARBgNVBAoTClRlbnBheS5jb20xHTAbBgNVBAsT
FFRlbnBheS5jb20gQ0EgQ2VudGVyMRswGQYDVQQDExJUZW5wYXkuY29tIFJvb3Qg
Q0EwHhcNMjAwNDIyMDE0MzE5WhcNMjUwNDIxMDE0MzE5WjBuMRgwFgYDVQQDDA9U
AQfkCW7DNT7iU6oQK+sMTxjiZwMBIqKOWsxvO8ljEpndHkCKXbmd/xKv54o5Pbam
Ta7YQKocLOM7N96/9zasjV9OVVUktazq9XQoReki1EKnbhZvLoS5L5ECbVB/VIwL
Qok2zZVOm81GwKe0r7tb+gPO6c0K2/XiVpJd5w9PO6M=
-----END CERTIFICATE-----
}
至此,\WeChatPay\Builder::factory([])所需的平台证书序列号及平台证书文件.pem就下载完成了。
点赞。
这个证书有有效期的吗
北望老师,我就是这样下载的,此证书还需要后续处理么?文档中说要通过证书信任链验证平台证书,是这样的么?
老师你好,平台证书需要经常更新请问有代码下载证书的方式吗
我做了并不是这样的结果,cd切换目录后,直接以记事本的方式打开了CertificateDownloader.php源文件,并没有打印。老师 是运行环境问题么?