I am using XAMPP for development. Recently I upgraded my installation of XAMPP from an old version to 1.7.3.
Now when I curl HTTPS-enabled sites I get the following exception:
Fatal error: Uncaught exception 'RequestCore_Exception' with message 'cURL resource: Resource id #55; cURL error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (60)'
Everyone suggests using some specific curl options from PHP code to fix this problem. I think this shouldn't be the way, because I didn't have any problem with my old version of XAMPP and it happened only after installing the new version.
I need help to figure out what settings change in my PHP installation, Apache etc can fix this problem.
curl used to include a list of accepted CAs, but no longer bundles ANY CA certs. So by default it'll reject all SSL certificates as unverifiable.
You'll have to get your CA's cert and point curl at it. More details at cURL's Details on Server SSL Certificates.
It's a pretty common problem in Windows. You need just to set cacert.pem to curl.cainfo.
Since PHP 5.3.7 you could do:
php.ini -- add curl.cainfo = "PATH_TO/cacert.pem"
Otherwise you will need to do the following for every cURL resource:
Source: http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html
For all the above info, credit goes to: http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html
The above solutions are great, but if you're using WampServer you might find setting the curl.cainfo variable in php.ini doesn't work.
I eventually found WampServer has two php.ini files:
The first is apparently used for when PHP files are invoked through a web browser, while the second is used when a command is invoked through the command line or shell_exec().
TL;DR
If using WampServer, you must add the curl.cainfo line to both php.ini files.
I ended up here when trying to get GuzzleHttp (php+apache on Mac) to get a page from www.googleapis.com.
Here was my final solution in case it helps anyone.
Look at the certificate chain for whatever domain is giving you this error. For me it was googleapis.com
You'll get back something like this:
Note: I captured this after I fixed the issue, so your chain output may look different.
Then you need to look at the certificates allowed in php. Run phpinfo() in a page.
Then look for the certificate file that's loaded from the page output:
This is the file you'll need to fix by adding the correct certificate(s) to it.
You basically need to append the correct certificate "signatures" to the end of this file.
You can find some of them here: You may need to google/search for others in the chain if you need them.
They look like this:
(Note: This is an image so people will not simply copy/paste certificates from stackoverflow)
Once the right certificates are in this file, restart apache and test.
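A check for the situation the answers above describe, as an added example that is not part of any of the original posts: it reports which php.ini the current SAPI loaded and whether curl.cainfo points at a readable PEM bundle, and can make a request with certificate verification left on. The function names and the check_ca.php file name are made up for illustration; it assumes PHP 7.1+ with the curl extension.

```php
<?php
// Added example (PHP 7.1+, ext/curl). Function names are illustrative.

/** Describe the CA-bundle configuration seen by the current SAPI. */
function ca_bundle_report(): array
{
    $cainfo   = ini_get('curl.cainfo');   // read by ext/curl since PHP 5.3.7
    $readable = is_string($cainfo) && $cainfo !== '' && is_readable($cainfo);
    return [
        'sapi'         => PHP_SAPI,        // "cli" vs. the web server SAPI
        'php_ini'      => php_ini_loaded_file() ?: '(none)',
        'curl.cainfo'  => ($cainfo === false || $cainfo === '') ? '(not set)' : $cainfo,
        'readable'     => $readable,
        'has_pem_cert' => $readable && strpos(
            (string) file_get_contents($cainfo), '-----BEGIN CERTIFICATE-----'
        ) !== false,
    ];
}

/** HEAD request with peer and host verification left on; returns [ok, detail]. */
function verified_head(string $url, ?string $caFile = null): array
{
    $ch   = curl_init($url);
    $opts = [
        CURLOPT_NOBODY         => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // keep chain verification enabled
        CURLOPT_SSL_VERIFYHOST => 2,      // keep host name check enabled
        CURLOPT_TIMEOUT        => 10,
    ];
    if ($caFile !== null) {
        $opts[CURLOPT_CAINFO] = $caFile;  // per-resource equivalent of curl.cainfo
    }
    curl_setopt_array($ch, $opts);
    $ok     = curl_exec($ch) !== false;
    $detail = $ok ? 'verified' : sprintf('cURL error %d: %s', curl_errno($ch), curl_error($ch));
    return [$ok, $detail];
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
foreach (ca_bundle_report() as $key => $value) {
    printf("%-13s %s\n", $key, var_export($value, true));
}
// Optional network check: php check_ca.php <https-url> [PATH_TO/cacert.pem]
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    [$ok, $detail] = verified_head($argv[1], $argv[2] ?? null);
    echo $argv[1], ': ', $detail, "\n";
}
```

Run it once from the command line and once through the web server; the `php_ini` lines show whether the two load different files, as the WampServer answer describes.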