我想问下我自己想引用证书，但是报错

[Thomastar]

` # 证书加载
def set_apiclient_by_pkcs12(str)
pkcs12 = OpenSSL::PKCS12.new(str)
@apiclient_cert = pkcs12.certificate
@apiclient_key = pkcs12.key

pkcs12

end

def apiclient_cert=(cert)
@apiclient_cert = OpenSSL::X509::Certificate.new(cert)
end

def apiclient_key=(key)
@apiclient_key = OpenSSL::PKey::RSA.new(key)
end `

错误信息：
PKCS12_parse: mac verify failure

[Thomastar]

`class HttpClient
attr_reader :base, :ssl_context, :httprb, :apiclient_cert, :apiclient_key
def initialize(base = nil , timeout = nil, skip_verify_ssl = false)
@base = base
@httprb = HTTP.timeout(:global, write: timeout, connect: timeout, read: timeout)
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context.ssl_version = :TLSv1_client
@ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE if skip_verify_ssl
end
def postXmlHttp(uri, xml, use_ssl= true)
uri = URI.parse(uri)
Net::HTTP.start(uri.host,uri.port,use_ssl:use_ssl) do |http|
request = Net::HTTP::Post.new(uri.path)
request.body = xml
response = http.request(request)
response.body
end
end
def set_apiclient_by_pkcs12(str)
pkcs12 = OpenSSL::PKCS12.new(str)
@apiclient_cert = pkcs12.certificate
@apiclient_key = pkcs12.key
pkcs12
end

def apiclient_cert=(cert)
@apiclient_cert = OpenSSL::X509::Certificate.new(cert)
end

def apiclient_key=(key)
@apiclient_key = OpenSSL::PKey::RSA.new(key)
end
end`

使用
http_client = HttpClient.new(nil, nil, false)
pkcs12_filepath = "#{Rails.root}/certs/apiclient_cert.p12"
cert = http_client.set_apiclient_by_pkcs12(File.read(pkcs12_filepath))

[jasl]

报 PKCS12_parse: mac verify failure 查文档 https://ruby-doc.org/stdlib-2.4.0/libdoc/openssl/rdoc/OpenSSL/PKCS12.html#method-c-new

new(str) → pkcs12
str - Must be a DER encoded PKCS12 string.

检查你的 str 格式是不是合规

[Thomastar]

@jasl 是不是使用微信这个文件？apiclient_cert.p12？
参数中的pass 是不是 证书的密钥？

[jasl]

对，你这个问题是你没正确的把这个东西加载，而 Ruby 处理这个事情基本可以理解成是交给 OpenSSL，那么就是你在加载这个证书，在编码方式，证书密码 或者其他原因导致的问题