PHP ignoring curl.cainfo setting in php.ini (apparently)

Asked 30/4, 2014 at 15:27 Answered 4/9, 2024 at 3:2

I'm trying to fix a php_curl call on a Windows server (running IIS) that is returning the familiar error "SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".

As detailed in many related questions here, I downloaded http://curl.haxx.se/ca/cacert.pem, moved it to my server's hard drive, and added the curl.cainfo setting to my php.ini:

curl.cainfo = "C:\path\to\cacert.pem"

Nothing, still getting the same error. However, specifying the path in the PHP code results in a successful response!

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CAINFO, "C:\path\to\cacert.pem");
$response = curl_exec($ch);

This does give me a workaround I can use for now, but I'm maintaining a large application with php_curl calls in many places, so it would be more logical to specify this setting once in php.ini so it applies to all php_curl calls in the application.

Potential dumb mistake checking:

I'm restarting IIS between php.ini edits
I know I'm editing the right php.ini, because "echo ini_get('smtp_port');" reflects changes I make to that setting (changing a non-critical setting just for testing)
I know IIS can read the file, because it works when setting it using curl_setopt() (above)

Trying to look at the ini setting directly shows that PHP doesn't seem to know anything about it (am I doing this right?):

var_dump(ini_get('curl.cainfo'));

==> bool(false)

Any ideas why PHP wouldn't read the curl.cainfo setting?

Branch answered 30/4, 2014 at 15:27 Comment(0)

A coworker informed me that this curl php.ini setting was not added until PHP 5.3.7: http://www.php.net/manual/en/curl.configuration.php#ini.curl.cainfo

The particular test server I was working with was running an older version than that, so PHP wasn't reading that setting from php.ini.

Branch answered 30/4, 2014 at 21:12 Comment(2)

I'm having this same problem except php 7.1 and I have no idea how to fix it :( – Seating 24/9, 2020 at 16:54

I may have the same problem with php 7.4.16, due to "transports not found" error – Airdrome 31/5, 2024 at 14:38

You might not be updating the correct php.ini file. To see which file is being used as php.ini file in your cmd window type the following

php -i

and look for the Loaded configuration file value and open that file and then set the curl_cainfo and openssl_cafile absolute path to the cacert.pem file.

Arraign answered 7/6, 2022 at 3:11 Comment(1)

I found the property to verify I was updating the correct one, which I was: Loaded Configuration File => C:\Program Files\PHP\v8.0\php.ini ...but unfortunately for my case, the same issue persists. – Skewer 13/9, 2022 at 1:6

In my case nothing helped, until I realized that I didn't have php-curl extension installed. After that, it worked

Arena answered 24/5, 2023 at 10:52 Comment(0)

you should fix like this:

Download https://curl.haxx.se/ca/cacert.pem

put the file to php/extras/ssl/cacert.pem

edit php.ini and reload php

curl.cainfo = "C:\Data\php-8.3.0\extras\ssl\cacert.pem"
openssl.cafile = "C:\Data\php-8.3.0\extras\ssl\cacert.pem"

Or you can use other way: edit your php code near curl:


    if (defined('CURLSSLOPT_NATIVE_CA') && version_compare(curl_version()['version'], '7.71', '>=')) {
        curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
    }

this will also solve your problem.

Benavides answered 4/9, 2024 at 3:2 Comment(0)

Recommended topics

Hot tags