微信支付HTTPS服务器证书验证（PHP）

PHP代码验证是否包含CA证书

如果无法通过验证，请点击连接查看官方操作，安装相应的ca证书即可

# test_wechat_ca.php
 '商户id', 'nonce_str' => md5(time()));
$postData = $data + ['sign'=>strtoupper(md5(http_build_query($data) . "&key=你的密钥"))];
$xml = '';
foreach ($postData as $k => $v) {
    $xml .= '<' . $k .'>';
}
$xml .= '';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://apitest.mch.weixin.qq.com/sandboxnew/pay/getsignkey');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_HEADER,0);

$content  = curl_exec($ch);
curl_close($ch);

$toXml = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NOCDATA);
$arrXml = (array)$toXml;

if ($arrXml['return_code'] == 'SUCCESS') {
    die('你的服务器通过微信支付HTTPS服务器证书验证');
}
if ($arrXml['return_code'] == 'FAIL') {
    die("你的服务器无法通过验证:" . $arrXml['return_msg'] . "；" . "点我查看如何安装微信要求的根CA证书");
}

?>

命令确认是否包含CA证书

openssl s_client -connect api.mch.weixin.qq.com:443  -verify_return_error

正常的输出为:

depth=3 C = IE， O = Baltimore， OU = CyberTrust， CN = Baltimore CyberTrust Root

verify return:1

depth=2 C = US， O = DigiCert Inc， OU = www.digicert.com， CN = DigiCert Global Root CA

verify return:1

depth=1 C = US， O = DigiCert Inc， OU = www.digicert.com， CN = GeoTrust RSA CA 2018

verify return:1

depth=0 C = CN， L = Shenzhen， O = Tencent Technology (Shenzhen) Company Limited， OU = R&D， CN = payapp.weixin.qq.com

verify return:1

CONNECTED(00000003)

---
# 注意上方的即可

Certificate chain

 0 s:/C=CN/L=Shenzhen/O=Tencent Technology (Shenzhen) Company Limited/OU=R&D/CN=payapp.weixin.qq.com

   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018

 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018

   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

安装根证书