90

Whilst trying to setup a php environment on windows (using wamp) to use the Amazon PHP SDK, when i try to run a sample test I get the following error:

Fatal error: Uncaught exception 'cURL_Exception' with message 'cURL resource: Resource id #10; cURL error: SSL certificate problem: unable to get local issuer certificate (cURL error code 60). See http://curl.haxx.se/libcurl/c/libcurl-errors.html for an explanation of error codes.' in C:\wamp\www\AWSSDKforPHP\lib\requestcore\requestcore.class.php on line 848

I have already added the following line to my php.ini

curl.cainfo = C:\Windows\ca-bundle.crt

which is the location of a certificate i created using this VBS script VBS-Script

I have restarted my WAMP service also.

PHP index curl reference

Ciaran
  • 1,139
  • 2
  • 11
  • 14
  • 6
    In case you don't care about the certification process, you may disable it altogether `curl_setopt($rest, CURLOPT_SSL_VERIFYPEER, false);` – denispyr Feb 09 '15 at 18:29
  • This solved the problem for me - http://stackoverflow.com/a/32095378/178163 Basically there may be 2 php.ini files – George Kagan Nov 28 '16 at 20:31
  • 3
    For those bumping into this issue for the first time, like I did, the reason behind this, as far as I understand (correct me if I am wrong), is that unlike the situation of an HTTPS connection via a browser, a CURL request does not get the certificate from the server. So, we need to manually download the certificate of the site and add it to the PHP ini. This verification of certificate at the client's end is a part of the HTTPS connection process, and it seems, it can be bypassed. This is where the `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,false);` comes into picture. – Sandeepan Nath Feb 09 '17 at 10:08
  • worked as a charm!!!! thanks! – Rodrigo Serzedello Jul 22 '17 at 16:14

13 Answers13

235

Use this certificate root certificate bundle:

https://curl.haxx.se/ca/cacert.pem

Copy this certificate bundle on your disk. And use this on php.ini

curl.cainfo = "path_to_cert\cacert.pem"
Alex Smolen
  • 11
  • 4
Hüseyin BABAL
  • 15,400
  • 4
  • 51
  • 73
  • 10
    And in case this does not solve the problem? I set `curl_setopt($ch, CURLOPT_CAINFO, ini_get('curl.cainfo'));` and in the _php.ini_ `[cURL] curl.cainfo = C:\dev\xampp\php\cacert.pem`. The file is there, but I'm still getting the error 60. There's something I'm missing? – Overflowh Sep 13 '14 at 17:44
  • 3
    @Overflowh there are two types of `php.ini`: One for php-cli second for php-web(apache, nginx, ...). You need to set `curl.cainfo = "path_to_cert\cacert.pem"` for web one. On the other hand, If you can see `curl.cainfo` is true in your php info view, that time there might be permission issue. – Hüseyin BABAL Sep 15 '14 at 07:55
  • Well, actually I can't see `curl.cainfo` in my php info. Does this mean that I put the value in the wrong file? – Overflowh Sep 15 '14 at 18:04
  • 1
    Yes, please double check your php.ini file location. You need to put that in web version – Hüseyin BABAL Sep 16 '14 at 06:02
  • I have added in apache php.ini, but this didn't worked – kasim badami Apr 27 '15 at 09:20
  • @kasimbadami you need to check php error log. Maybe the path you have specified is not correct. It is hard say something without extra information – Hüseyin BABAL Apr 27 '15 at 10:30
  • i am sure path is correct. I am using wamp / oppenssl on localhost – kasim badami Apr 27 '15 at 10:48
  • this is what error log is, when i restart wamp server `[ssl:warn] [pid 5200:tid 476] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)` – kasim badami Apr 27 '15 at 11:11
  • Be sure that you have successfully generated the ssl key. and the file permissions are ok – Hüseyin BABAL Apr 27 '15 at 21:13
  • Good answer I just use it under windows 10 with wamp 32 and php7.0.10. Thank you very much ! – merrais Dec 31 '16 at 17:03
32

i fixed this by modifying php.ini file at C:\wamp\bin\apache\apache2.4.9\bin\ 

curl.cainfo = "C:/wamp/bin/php/php5.5.12/cacert.pem"

first i was trying by modifying php.ini file at C:\wamp\bin\php\php5.5.12\ and it didn't work.

hope this helps someone who is searching for the right php.ini to modify

aimme
  • 6,385
  • 7
  • 48
  • 65
  • 1
    Thanks. All it took was downloading the file from https://curl.haxx.se/ca/cacert.pem, and setting the path to it in the apache php.ini file like you said. Please be aware people, you can put the cacert anywhere you want, just make sure you put the path in correctly. Also, make sure you remove the semicolon! – Dan Zuzevich Aug 05 '17 at 13:25
  • 1
    Don't forget to reload apache after this. – hcker2000 May 14 '18 at 20:28
18
php --ini

This will tell you exactly which php.ini file is being loaded, so you know which one to modify. I wasted a lot of time changing the wrong php.ini file because I had WAMP and XAMPP installed.

Also, don't forget to restart the WAMP server (or whatever you use) after changing php.ini.

Anazul
  • 231
  • 2
  • 6
13

@Overflowh I tried the above answer also with no luck. I changed php version from 5.3.24 to 5.5.8 as this setting will only work in php 5.3.7 and above. I then found this http://flwebsites.biz/posts/how-fix-curl-error-60-ssl-issue I downloaded the cacert.pem from there and replaced the one I had download/made from curl.hxxx.se linked above and it all started working. I was trying to get paypal sandbox IPN to verify. Happy to say after the .pem swap all is ok using curl.cainfo setting in php.ini which still was not in 5.3.24.

pgkerr76
  • 131
  • 1
  • 3
  • 2
    I was facing same issue and fixed by just downloading .pem file form above mentioned. Thanks – saqibahmad Aug 17 '15 at 18:34
  • 4
    Haha I can't believe this! I own FLWebsites.biz and I ran into this post completely unaware that I was mentioned... I wrote that blog! – HTMLGuy Sep 13 '15 at 01:43
  • I've been trying to figure out the issue, and after 3-4 hours I finally stumbled on this answer. I said oh well, why not try another pem file again. And surprise: it finally worked. Thanks for finding that blog :) – Sauleil Oct 13 '15 at 21:46
  • This solved my cacert.pem problem under Windows 10, IIS. Thanks. – jacouh Mar 07 '17 at 15:00
  • That link doesnt work now @ShaneStebner , do you have a new url to share by any chance ? – AdamJones Jun 27 '18 at 13:52
  • 3
    Sorry, I took my site down. Go directly to the source: https://curl.haxx.se/docs/caextract.html – HTMLGuy Jun 27 '18 at 20:18
8

@Hüseyin BABAL

I am getting error with above certificate but i try this certificate and its working.

https://gist.github.com/VersatilityWerks/5719158/download

Gaurang Ghinaiya
  • 559
  • 9
  • 26
  • WOW. This is crazy. I was looking for a way to set the cacert.pem globally and ran into this. I AM VersatilityWerks haha. You used my gist. – HTMLGuy Sep 13 '15 at 01:42
5

First, we need download this certificate root certificate bundle:

https://curl.haxx.se/ca/cacert.pem

Move this file to somewhere such as to PHP folder in Wamp/Xampp folder.

Then edit your "php.ini" :

curl.cainfo ="C:/path/to/your/cacert.pem"

and

openssl.cafile="C:/path/to/your/cacert.pem"

IMPORTANT:

Be sure that you open the "php.ini" file directly by your Window Explorer. (in my case: “C:\DevPrograms\wamp64\bin\php\php5.6.25\php.ini”).

Don't use the shortcut to "php.ini" in the Wamp/Xampp icon's menu in the System Tray. This shortcut didn't work in some cases I faced.

After saving "php.ini" you don't need to "Restart All Services" in Wamp icon or close/re-open CMD.

Try with " var_dump(openssl_get_cert_locations()); " and look at line : ["ini_cafile"]=> string(40) "C:/path/to/your/cacert.pem"

Done.

Quang Nguyen Tri
  • 121
  • 2
  • 4
  • Your note about opening the php.ini file through explorer actually worked! And I finally figured out that the php.ini from wamp icon has got a different path. Thank you!!! – Doctiger May 31 '20 at 12:58
3

Problem fixed, download https://curl.haxx.se/ca/cacert.pem and put it "somewhere", and add this line in php.ini :

curl.cainfo = "C:/somewhere/cacert.pem"

PS: I got this error by trying to install module on drupal with xampp.

littlefox
  • 31
  • 2
3

The easiest solution to the problem is to add the below command in the field.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,false);

Using this will not need to add any certificate or anything.

JJJ
  • 32,902
  • 20
  • 89
  • 102
Arjun Londhey
  • 199
  • 1
  • 5
2

Add the below to php.ini [ use '/' instead of '\' in the path] curl.cainfo= "path/cacert.pem"

Restarted my XAMPP. It worked fine for me. Thanks

TTS Raja
  • 21
  • 4
2

if cacert.pem from above links doesn't working try this one worked for me

https://gist.github.com/VersatilityWerks/5719158/download

Khaled AbuShqear
  • 1,230
  • 14
  • 24
1

First you have to download the certificate from this link

https://curl.haxx.se/ca/cacert.pem

and put it in a location you want the name of downloadable file is : cacert.pem So in my case I will put it under C:\wamp64\bin\php\cacert.pem

Then you have to specify the location of the php.ini file

For example, I am using php 7 the php.ini file is located at : C:\wamp64\bin\php\php7.0.10\php.ini

So access to that file and uncommit this line ;openssl.cafile

also update it to be looks like this openssl.cafile="C:\wamp64\bin\php\cacert.pem"

Finally restart your apache server and that's all

Matt Fletcher
  • 8,182
  • 8
  • 41
  • 60
Mustapha GHLISSI
  • 1,485
  • 1
  • 15
  • 16
1

IMPORTANT: after 4 hours , working with laravel 5.7 and php 7.+ and run/use php artisan serve on localhost trying to connect to mailgun.

IMPORTANT to resolve the problem do not work with IP http://127.0.0.1:8000 use localhost or set domain name by host file.

ok ,

Brn.Rajoriya
  • 1,534
  • 2
  • 23
  • 35
lior ben yosef
  • 144
  • 1
  • 6
0

The solution is to edit the file php.ini located in your php version(for me it's php7.0.10) not the php.ini of apache. You will find a commented file like this ;curl.cainfo Just change this line like this curl.cainfo = "C:\permCertificate\cacert.pem"

Don't forget to create the "permCertificate" directory and copy the "cacert.pem" file inside it.

Sami FAREH
  • 3
  • 1