cURL error 60: SSL certificate: unable to get local issuer certificate

Asked 23/4, 2015 at 11:54 Answered 28/2 at 21:47

356

I am trying to send an API request using Stripe but get the error message:

cURL error 60: SSL certificate problem: unable to get local issuer certificate

This is the code I am running:

public function chargeStripe()
{
    $stripe = new Stripe;
    $stripe = Stripe::make(env('STRIPE_PUBLIC_KEY'));

    $charge = $stripe->charges()->create([
        'amount'   => 2900,
        'customer' => Input::get('stripeEmail'),
        'currency' => 'EUR',
    ]);

    return Redirect::route('step1');
}

I searched a lot on Google and lots of people are suggesting that I download this file: cacert.pem, put it somewhere and reference it in my php.ini. This is the part in my php.ini:

curl.cainfo = "C:\Windows\cacert.pem"

Yet, even after restarting my server several times and changing the path, I get the same error message.

I have the ssl_module enabled in Apache, and I have php_curl enabled in my php.ini.

I have also tried another fix which suggests that I add these lines to my cURL options:

curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);

Where do I add options to my cURL? Apparently not through the command line, since my CLI doesn't find the command "curl_setopt"

Chessa answered 23/4, 2015 at 11:54 Comment(12)

Assuming there are no issues with your code, it could be your firewall. Try disabling your firewall to test. – Mal 23/4, 2015 at 11:56

did't I gave you answer to this question here? :) – Osier 23/4, 2015 at 11:57

@limonte possible, had to switch projects and have probably the same problem with the new project. Will switch back to the guzzle problem and maybe it is the same fix. brb – Chessa 23/4, 2015 at 12:6

@Waqarulislam firewall always down – Chessa 23/4, 2015 at 12:6

I don't get it, do you have cURL in a PHP script, as in curl_init() etc, or are you running curl from the command line. It doesn't really help to change the PHP settings if you're not using PHP cURL, and those two lines at the bottom of the question are settings for PHP cURL. – Ten 23/4, 2015 at 12:16

Have you tried the latest version of stripe? I see a commit message that changed something to do with certs... github.com/stripe/stripe-php/commit/… – Fallon 8/6, 2015 at 8:56

@Chessa have you got the solution for this problem? I am facing the same error with stripe. Please let me know if you have any solution. – Burse 9/6, 2015 at 13:28

@Fallon That's a different stripe library than the one OP is using :) – Recrimination 1/7, 2015 at 8:42

This solved the issue for me: https://mcmap.net/q/18960/-php-ssl-certificate-error-unable-to-get-local-issuer-certificate – Deboradeborah 28/11, 2016 at 20:29

Attn: WordPress users. WP curl functions use a CA cert file in the WP core files - not your php.ini defined file. So even after you make the fixes shown here, you will still get the error. I made a little plugin to solve this: github.com/squarecandy/force-localhost-ca – Mcgaw 23/9, 2020 at 3:8

The link to how fix PHP curl leads to a maliscious spam site. – Municipal 16/2, 2023 at 21:12

Check my Solution that is easy to use and correct. #28858851 – Shuping 21/3 at 10:54

752

How to solve this problem:

download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
save it on your filesystem somewhere (for example, XAMPP users might use C:\xampp\php\extras\ssl\cacert.pem)
in your php.ini, put this file location in the [curl] section (putting it in the [openssl] section is also a good idea):

[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"

[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"

restart your webserver (e.g. Apache) and PHP FPM server if applicable

(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)

Ozzy answered 19/1, 2016 at 17:27 Comment(11)

This message is coming because of your PHP version. If it is upper from PHP 5.5 then coming this error because of PHP 5.6 new feature. PHP 5.6 check certificates if you are using cURL. – Queenhood 28/3, 2016 at 12:33

Thanks for the answer! Although I would recommend using the cacert.pem from the official curl-page: curl.haxx.se/docs/caextract.html – Vesicatory 13/4, 2016 at 12:37

Just wanted to point out for anyone that can't get this to work - I used forward slashes curl.cainfo = "C:/cacert.pem" and also had to restart my computer in order to get it to work. Just restarting the web server was not enough. Hopefully that helps :] – Sailboat 20/1, 2018 at 21:15

and don't forget to uncomment curl.cainfo (facepalm) – Deadhead 4/7, 2018 at 8:28

Thanks! I'm not running XAMPP, but am on Windows. This solution worked for me, just parked it here instead: "C:\php\extras\ssl\cacert.pem". – Plectrum 5/8, 2019 at 19:24

What about MAMP? – Garb 27/8, 2019 at 13:24

I followed this, but I am still getting the same issue. Is there anything else I need to do? XAMPP, windows 10, PHP 7.2.8, localhost:8080 – Inflationary 2/11, 2020 at 7:41

Resolved issue by following the : scratchcode.io/… Hope this helps anyone who is reading this comment – Vesicate 29/12, 2020 at 17:1

Thanks, this worked for me when I was setting up a new laptop and getting an error "No alive nodes found in your cluster" when trying to connect to AWS Elasticsearch. – Domingodominguez 14/1, 2021 at 16:43

this is also working for ampps, you can just locate the php.ini and add the same variable and location of the cacert file thanks!! – Behr 11/6, 2021 at 9:56

I got the exact same error, still line 60, using php artisan with OctoberCMS. I discovered a recent version of cacert.pem inside of: composer/ca-bundle/res/cacert.pem of my project directory. So I opened php.ini, the one used my command line (not the one used by apache), and set curl.cainfo directive to point to it. With Wamp, use absolute paths like: "c:/path/to/file" – Synonymize 27/6, 2023 at 2:49

148

Attention Wamp/Wordpress/windows users. I had this issue for hours and not even the correct answer was doing it for me, because i was editing the wrong php.ini file because the question was answered to XAMPP and not for WAMP users, even though the question was for WAMP.

Here's what I did:

Download the certificate bundle.
Put it inside of C:\wamp64\bin\php\your php version\extras\ssl
Inside of C:\wamp64\bin\apache\apache(version)\modules, make sure the file mod_ssl.so is there
Inside of Apache directory C:\wamp64\bin\apache\apache2.4.27\conf, enable mod_ssl in httpd.conf
Enable php_openssl.dll in php.ini. Be aware my problem was that I had two php.ini files and I need to do this in both of them. First one can be located inside of your WAMP taskbar icon here.

And the other one is located in C:\wamp64\bin\php\php(Version)

Find the location for both of the php.ini files and find the line curl.cainfo = and give it a path like this curl.cainfo = "C:\wamp64\bin\php\php(Version)\extras\ssl\cacert.pem"
Now save the files and restart your server and you should be good to go

Beechnut answered 28/1, 2018 at 16:43 Comment(9)

It's less that you have to do both php.ini than doing the one you are intending to use: if you're using apache as the SAPI client, then amend the one in the apache dir, and/or amend the one in the client dir if you're planning to use php.exe as the SAPI. – Synonymize 18/6, 2018 at 11:19

"I need to do this in both of them" is the key note. Thank you – Munn 26/6, 2018 at 5:59

This works for Laravel 5.5 with "guzzlehttp/guzzle": "^6.3". Wamp server 3.1.3. Php 7.1* – Kurtis 17/11, 2018 at 10:56

Thanks for answering for wamp – Ingraft 7/8, 2019 at 17:49

You are awesome! This is the only solution that worked for me after looking to resolve the problem for hours. Thank you! – Revisionist 21/1, 2020 at 21:7

Thank you! The first solution I have found for this problem that is not "If you are using XAMPP do this." – Kirven 2/10, 2020 at 8:9

Rerun php artisan serv if you use Laravel – Sahaptin 6/6, 2021 at 16:44

Well done, I tried to fix the issues for hours and I try to read carefully the path of php.ini, and I was editing that file from the apache folder, not in the PHP folder 😅 – Camass 15/11, 2021 at 19:41

Is there a setting for open-source developers to enable or signify this from composer? – Villainage 1/4, 2023 at 12:17

If you are using PHP 5.6 with Guzzle, Guzzle has switched to using the PHP libraries autodetect for certificates rather than it's process (ref). PHP outlines the changes here.

Finding out Where PHP/Guzzle is Looking for Certificates

You can dump where PHP is looking using the following PHP command:

 var_dump(openssl_get_cert_locations());

Getting a Certificate Bundle

For OS X testing, you can use homebrew to install openssl brew install openssl and then use openssl.cafile=/usr/local/etc/openssl/cert.pem in your php.ini or Zend Server settings (under OpenSSL).

A certificate bundle is also available from curl/Mozilla on the curl website: https://curl.haxx.se/docs/caextract.html

Telling PHP Where the Certificates Are

Once you have a bundle, either place it where PHP is already looking (which you found out above) or update openssl.cafile in php.ini. (Generally, /etc/php.ini or /etc/php/7.0/cli/php.ini or /etc/php/php.ini on Unix.)

Bryner answered 6/7, 2015 at 19:14 Comment(5)

YES. After seeing too many people suggest the obviously wrong approach of downgrading by multiple version numbers, this stands as the correct approach imho. I had followed others' advice about the cafile but didn't have a means of testing why it still didn't load. This openssl_get_cert_locations() function really did the job in identifying my problem. Thanks! – Rebroadcast 14/1, 2016 at 0:10

Thank you for providing openssl_get_cert_locations, it made debugging much easier. Looks like WAMP uses different ini file for apache php than for console php. In my case, I had to add openssl.cafile="c:/_/cacert.pem" for console-based php. Last time, when using it through apache, I needed curl.cainfo="c:/_/cacert.pem" to make it work. – Hush 17/9, 2018 at 18:48

Anyone have a suggestion for windows machines? I tried the suggested command in Git Bash, cmd, and Commander. None of them recognized the syntax for var_dump(openssl_get_cert_locations()); – Guidebook 24/9, 2020 at 18:6

var_dump(openssl_get_cert_locations()); is a PHP command, you'll need to run it in a PHP file or interpreter. (Updated the post for clarity that it is a PHP command.) – Bryner 5/11, 2020 at 13:53

You can run echo "<?php var_dump(openssl_get_cert_locations());" | php in your console project and you'll be ready to go – Putrescine 29/4, 2021 at 21:21

Guzzle, which is used by cartalyst/stripe, will do the following to find a proper certificate archive to check a server certificate against:

Check if openssl.cafile is set in your php.ini file.
Check if curl.cainfo is set in your php.ini file.
Check if /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
Check if /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
Check if C:\windows\curl-ca-bundle.crt exists (Windows)

You will want to make sure that the values for the first two settings are properly defined by doing a simple test:

echo "openssl.cafile: ", ini_get('openssl.cafile'), "\n";
echo "curl.cainfo: ", ini_get('curl.cainfo'), "\n";

Alternatively, try to write the file into the locations indicated by #7 or #8.

Meridithmeriel answered 10/6, 2015 at 10:29 Comment(0)

If you're unable to change php.ini you could also point to the cacert.pem file from code like this:

$http = new GuzzleHttp\Client(['verify' => '/path/to/cacert.pem']);
$client = new Google_Client();
$client->setHttpClient($http);

Cellarage answered 8/2, 2017 at 13:28 Comment(0)

I had this problem appear out-of-the-blue one day, when a Guzzle(5) script was attempting to connect to a host over SSL. Sure, I could disable the VERIFY option in Guzzle/Curl, but that's clearly not the correct way to go.

I tried everything listed here and in similar threads, then eventually went to terminal with openssl to test against the domain with which I was trying to connect:

openssl s_client -connect example.com:443

... and received first few lines indicating:

CONNECTED(00000003)
depth=0 CN = example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = example.com
verify error:num=21:unable to verify the first certificate
verify return:1

... while everything worked fine when trying other destinations (ie: google.com, etc)

This prompted me to contact the domain I had been trying to connect to, and indeed, they had a problem on THEIR END that had crept up. It was resolved and my script went back to working.

So... if you're pulling your hair out, give openssl a shot and see if there's anything up with the response from the location you are attempting to connect. Maybe the issue isn't so 'local' after all sometimes.

Andrey answered 12/1, 2017 at 19:42 Comment(1)

Excellent advice here...confirm the actual problem before you go ripping into config... – Lassiter 31/7, 2021 at 23:29

What i did was use var_dump(openssl_get_cert_locations()); die; in any php script, which gave me the information about defaults that my local php was using:

array (size=8)
  'default_cert_file' => string 'c:/openssl-1.0.1c/ssl/cert.pem' (length=30)
  'default_cert_file_env' => string 'SSL_CERT_FILE' (length=13)
  'default_cert_dir' => string 'c:/openssl-1.0.1c/ssl/certs' (length=27)
  'default_cert_dir_env' => string 'SSL_CERT_DIR' (length=12)
  'default_private_dir' => string 'c:/openssl-1.0.1c/ssl/private' (length=29)
  'default_default_cert_area' => string 'c:/openssl-1.0.1c/ssl' (length=21)
  'ini_cafile' => string 'E:\xampp\php\extras\ssl\cacert.pem' (length=34)
  'ini_capath' => string '' (length=0)

As you can notice, i have set the ini_cafile or the ini option curl.cainfo. But in my case, curl would try to use the "default_cert_file" which did not exist.

I copied the file from https://curl.haxx.se/ca/cacert.pem into the location for "default_cert_file" (c:/openssl-1.0.1c/ssl/cert.pem) and i was able to get it to work.

This was the only solution for me.

Bisect answered 8/2, 2017 at 21:13 Comment(2)

I have similar problem and my location is something like c:/usr/local/ssl/cert.pem but this location does not exists, do you what what it could be, further the same project is used by my coluge on mac machine could that be reason, I have tried everything else, that is adding cert location in .ini file but it doesn't work, it looks like your solution should work as it makes sense but can't change that location and can't put certificate in location which doesn't exists. – Pacify 28/6, 2017 at 1:33

You can try an create the folders and put certificate at your specified path? – Bisect 28/6, 2017 at 13:31

Have you tried..

curl_setopt($process, CURLOPT_SSL_VERIFYPEER, false);

If you would like to risk being hit by a man-in-the-middle attack, you can skip the verify.

Impudicity answered 10/6, 2015 at 9:51 Comment(0)

Be sure that you open the php.ini file directly by your Window Explorer. (in my case: C:\DevPrograms\wamp64\bin\php\php5.6.25).

Don't use the shortcut to php.ini in the Wamp/Xamp icon's menu in the System Tray. This shortcut doesn't work in this case.

Then edit that php.ini :

curl.cainfo ="C:/DevPrograms/wamp64/bin/php/cacert.pem"

and

openssl.cafile="C:/DevPrograms/wamp64/bin/php/cacert.pem"

After saving php.ini you don't need to "Restart All Services" in Wamp icon or close/re-open CMD.

Sympathy answered 26/4, 2017 at 14:3 Comment(3)

Looks like the WAMP php.ini shortcut in thy system tray is a .symlink (0 bytes). It opens(or creates?) the file: <path_to_WAMP_install_location>\wamp64\bin\apache\apache2.4.41\bin\php.ini (in my case 74bytes). This answer suggests going directly to the WAMP folder for the PHP version you are using, and editing that php.ini (in my case 73bytes) file instead. – Guidebook 24/9, 2020 at 18:46

The comment the top of the wamp\64\bin\php\php.x.y.z directory says: `[PHP] ; ************************************************************** ; ****** DO NOT EDIT THIS FILE **** DO NOT EDIT THIS FILE ****** ; * This file is only use by PHP CLI (Command Line Interface) * ; * that is to say by Wampserver internal PHP scripts * ; * THE CORRECT FILE TO EDIT is Wampmanager Icon->PHP->php.ini * ; * that is wamp/bin/apache/apache2.x.y/bin/php.ini * ; ************************************************************** `` This is for PHP 7.3.12 – Guidebook 24/9, 2020 at 22:53

Actually, it seems that the symlink points to <path_to_WAMP_install_directory>\wamp64\bin\php\php7.3.12\phpForApache.ini, which is in the same directory as the php.ini file that has a comment that it should not be edited. There are also developer and production versions of php.ini in the same location. – Guidebook 25/9, 2020 at 3:13

For WAMP, this is what finally worked for me.
While it is similar to others, the solutions mentioned on this page, and other locations on the web did not work. Some "minor" detail differed.
Either the location to save the PEM file mattered, but was not specified clearly enough.
Or WHICH php.ini file to be edited was incorrect. Or both.
I'm running a 2020 installation of WAMP 3.2.0 on a Windows 10 machine.

Link to get the pem file:

http://curl.haxx.se/ca/cacert.pem
Copy the entire page and save it as: cacert.pem, in the location mentioned below.

Save the PEM file in this location

<wamp install directory>\bin\php\php<version>\extras\ssl
eg saved file and path: "T:\wamp64\bin\php\php7.3.12\extras\ssl\cacert.pem"

*(I had originally saved it elsewhere (and indicated the saved location in the php.ini file, but that did not work). There might, or might not be, other locations also work. This was the recommended location - I do not know why.)

WHERE
<wamp install directory> = path to your WAMP installation.
eg: T:\wamp64\

<php version> of php that WAMP is running: (to find out, goto: WAMP icon tray -> PHP <version number>
if the version number shown is 7.3.12, then the directory would be: php7.3.12)
eg: php7.3.12

Which php.ini file to edit

To open the proper php.ini file for editing, goto: WAMP icon tray -> PHP -> php.ini.
eg: T:\wamp64\bin\apache\apache2.4.41\bin\php.ini
NOTE: it is NOT the file in the php directory!

Update:
While it looked like I was editing the file: T:\wamp64\bin\apache\apache2.4.41\bin\php.ini,
it was actually editing that file's symlink target: T:/wamp64/bin/php/php7.3.12/phpForApache.ini.

Note that if you follow the above directions, you are NOT editing a php.ini file directly. You are actually editing a phpForApache.ini file. (a post with info about symlinks)

If you read the comments at the top of some of the php.ini files in various WAMP directories, it specifically states to NOT EDIT that particular file.
Make sure that the file you do open for editing does not include this warning.

Installing the extension Link Shell Extension allowed me to see the target of the symlink in the file Properites window, via an added tab. here is an SO answer of mine with more info about this extension.

If you run various versions of php at various times, you may need to save the PEM file in each relevant php directory.

The edits to make in your php.ini file:

Paste the path to your PEM file in the following locations.

uncomment ;curl.cainfo = and paste in the path to your PEM file.
eg: curl.cainfo = "T:\wamp64\bin\php\php7.3.12\extras\ssl\cacert.pem"
uncomment ;openssl.cafile= and paste in the path to your PEM file.
eg: openssl.cafile="T:\wamp64\bin\php\php7.3.12\extras\ssl\cacert.pem"

Credits:

While not an official resource, here is a link back to the YouTube video that got the last of the details straightened out for me: https://www.youtube.com/watch?v=Fn1V4yQNgLs.

Guidebook answered 6/10, 2020 at 14:42 Comment(1)

This comment right here will save you lots of time if you are using Wampp with different PHP versions: While it looked like I was editing the file: T:\wamp64\bin\apache\apache2.4.41\bin\php.ini, it was actually editing that file's symlink target: T:/wamp64/bin/php/php7.3.12/phpForApache.ini. – Halting 14/6, 2023 at 7:44

I found a solution that worked for me. I downgraded from the latest guzzle to version ~4.0 and it worked.

In composer.json add "guzzlehttp/guzzle": "~4.0"

Hope it helps someone

Urbanity answered 27/6, 2015 at 13:43 Comment(1)

That will also prevent you using any version 5/6 features. Instead just set verify to false in a param array (3rd param of request method): $client->request('GET', '/', ['verify' => false]); – Ferretti 20/11, 2015 at 16:57

I just experienced this same problem with the Laravel 4 php framework which uses the guzzlehttp/guzzle composer package. For some reason, the SSL certificate for mailgun stopped validating suddenly and I got that same "error 60" message.

If, like me, you are on a shared hosting without access to php.ini, the other solutions are not possible. In any case, Guzzle has this client initializing code that would most likely nullify the php.ini effects:

// vendor/guzzlehttp/guzzle/src/Client.php
    $settings = [
        'allow_redirects' => true,
        'exceptions'      => true,
        'decode_content'  => true,
        'verify'          => __DIR__ . '/cacert.pem'
    ];

Here Guzzle forces usage of its own internal cacert.pem file, which is probably now out of date, instead of using the one provided by cURL's environment. Changing this line (on Linux at least) configures Guzzle to use cURL's default SSL verification logic and fixed my problem:

Since the files in vendor are not meant to be tampered with, a better solution would be to configure the Guzzle client on usage, but this was just too difficult to do in Laravel 4.

Hope this saves someone else a couple hours of debugging...

Fanatic answered 25/1, 2018 at 7:53 Comment(1)

This helped thanks, instead of changing it in vendor, you can overwrite the settings when you init the Guzzle Client: $client = new Client(['defaults' => ['verify' => true]]); – Salsala 23/7, 2020 at 9:49

All of the answers are correct ; but the most important thing is You have to find the right php.ini file. check this command in cmd " php --ini " is not the right answer for finding the right php.ini file.

if you edit

curl.cainfo ="PATH/cacert.pem"

and check

var_dump(openssl_get_cert_locations());

then curl.cainfo should have a value. if not then that's not right php.ini file;

*I recommend you to search *.ini in wamp/bin or xxamp/bin or any server you use and change them one by one and check it. *

Sequestration answered 23/11, 2018 at 17:25 Comment(1)

Worked for me on windows server path iis_express/php. Thanks. – Vaclava 11/1, 2021 at 12:56

This might be an edge case, but in my case the problem was not the client conf (I already had curl.cainfo configured in php.ini), but rather the remote server not being configured properly:

It did not send any intermediate certs in the chain. There was no error browsing the site using Chrome, but with PHP I got following error.

cURL error 60

After including the Intermediate Certs in the remote webserver configuration it worked.

You can use this site to check the SSL configuration of your server:

https://whatsmychaincert.com/

Intersidereal answered 1/3, 2018 at 13:23 Comment(0)

I spent too much time to figure out this problem for me.

I had PHP version 5.5 and I needed to upgrade to 5.6.

In versions < 5.6 Guzzle will use it's own cacert.pem file, but in higher versions of PHP it will use system's cacert.pem file.

I also downloaded file from here https://curl.haxx.se/docs/caextract.html and set it in php.ini.

Answer found in Guzzles StreamHandler.php file https://github.com/guzzle/guzzle/blob/0773d442aa96baf19d7195f14ba6e9c2da11f8ed/src/Handler/StreamHandler.php#L437

        // PHP 5.6 or greater will find the system cert by default. When
        // < 5.6, use the Guzzle bundled cacert.

Doggo answered 31/5, 2018 at 8:40 Comment(0)

For those of you who are trying to use Wordpress's application password functionality on your local machine. You need to update the wp-includes\certificates\ca-bundle.crt

Open this file in a text editor and append your server's certificate.

Open your self-signed certificate(.crt) file and
Copy all between and including

----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Paste at the end of the wp-includes\certificates\ca-bundle.crt

Avert answered 1/8, 2021 at 8:32 Comment(0)

Easy way for user using Wordpress to fix cURL error 60

Appearance > Theme Editor > functions.php or or edit your functions.php file

add_filter('https_ssl_verify', '__return_false');

and it works

Honeysucker answered 14/10, 2023 at 7:18 Comment(1)

Disabling SSL verification seems like a really really bad idea. – Jeramie 9/1 at 16:36

when I run 'var_dump(php_ini_loaded_file());' I get this output on my page 'C:\Development\bin\apache\apache2.4.33\bin\php.ini' (length=50)'

and to get php to load my cert file I had to edit the php.ini in this path 'C:\Development\bin\apache\apache2.4.33\bin\php.ini' and add openssl.cafile="C:/Development/bin/php/php7.2.4/extras/ssl/cacert.pem" where I had downloaded and place my cert file from https://curl.haxx.se/docs/caextract.html

am on windows 10, using drupal 8, wamp and php7.2.4

Scrumptious answered 26/4, 2018 at 10:20 Comment(0)

I'm using Centos 7 with the free version of virtualmin. With Virtualmin you can create a wordpress website. There is functionality that will automatically update your ssl certificate for you. I noticed that /etc/httpd/conf/httpd.conf did not contain an entry for SSLCertificateChainFile. Which should be set to something like /home/websitename/ssl.combined. Updating that file accordingly and restarting apache fix this problem for me. I discovered my issue trying to install a jetpack plugin for wordpress. A search on the internet led me to realize that I didn't have SSL Configured. I followed Redhat's instructions on how to install a certificate. I hope this was useful to someone.

Rus answered 2/4, 2021 at 22:59 Comment(1)

Thanks Sean, this was the exact issue i was facing, will try it – Dispensary 1/5, 2021 at 22:2

if you use WAMP you should also add the certificate line in php.ini for Apache (besides the default php.ini file):

[curl]
curl.cainfo = C:\your_location\cacert.pem

works for php5.3+

Forspent answered 29/5, 2017 at 9:14 Comment(1)

Yes! Be careful to edit both apache and php version php.ini files. For WAMP users, this answer was the only to solve my problem: #28858851 – Motoring 14/11, 2017 at 9:26

I have a proper solution of this problem, lets try and understand the root cause of this issue. This issue comes when remote servers ssl cannot be verified using root certificates in your system's certificate store or remote ssl is not installed along with chain certificates. If you have a linux system with root ssh access, then in this case you can try updating your certificate store with below command:

update-ca-certificates

If still, it doesn't work then you need to add root and interim certificate of remote server in your cert store. You can download root and intermediate certs and add them in /usr/local/share/ca-certificates directory and then run command update-ca-certificates. This should do the trick. Similarly for windows you can search how to add root and intermediate cert.

The other way you can solve this problem is by asking remote server team to add ssl certificate as a bundle of domain root cert, intermediate cert and root cert.

Bangalore answered 16/4, 2020 at 18:55 Comment(0)

Guzzle Version 5

This default config is working good for mine. It will disable https required.

  $options = [
    'defaults' => ['verify' => false],
  ];
  new GuzzleClient($options);

In other case, you want to set path of ca, change to:

['verify' => '/path/to/cacert.pem']

Couscous answered 26/4, 2021 at 7:0 Comment(0)

If you are using plain cUrl then you have set CURLOPT_CAINFO option for the request. this path should be the absolute path.

You can download this certificate from here then place it in following path:

C:\wamp64\bin\php\php(your PHP version)\extras\ssl\

$ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $link);
    curl_setopt($ch, CURLOPT_CAINFO, 'C:\wamp64\bin\php\php(your PHP version)\extras\ssl\cacert.pem');
    $res = curl_exec($ch);

Interpellant answered 5/8, 2023 at 10:30 Comment(0)

I had to add this value in three places on Windows server:

[curl]
curl.cainfo = "C:\php\extras\ssl\cacert.pem"

[openssl]
openssl.cafile = "C:\php\extras\ssl\cacert.pem"
openssl.capath = "C:\php\extras\ssl\cacert.pem"

Catechism answered 28/2 at 21:47 Comment(0)

-1

As you are using Windows, I think your path separator is '\' (and '/' on Linux). Try using the constant DIRECTORY_SEPARATOR. Your code will be more portable.

Try:

curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . DIRECTORY_SEPARATOR . 'cacert.pem');

EDIT: and write the full path. I had some issues with relative paths (perhaps curl is executed from another base directory?)

Shaft answered 10/6, 2015 at 9:46 Comment(1)

This wouldn't make a difference, because the actual cURL settings are out of your control when you use that particular Stripe library. – Recrimination 11/6, 2015 at 8:46

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++