cURL error 60: SSL certificate prblm: unable to get local issuer certificate

Question

I want to collect a list of videos uploaded on a specific channel using the YouTube data API. However, before implementing online I am trying to get my code running on an offline environment (WAMPserver, PHP 5.5.12, Apache 2.4.9). I am using the following code:

require_once 'google-api-php-client-2.0.0-RC5/vendor/autoload.php';

$client = new Google_Client();
$client->setApplicationName("SRC_Thor");
$client->setDeveloperKey("xxxxxxxxxxx");

$youtube = new Google_Service_YouTube($client);

$channelResponse = $youtube->channels->listChannels('contentDetails', []);
var_dump($channelResponse);

However it gives the following error:

Fatal error: Uncaught exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)'

I have tried adding the latest version of cacert.pem as most topics on SO offer as a solution, however to no avail.

Since you're in a development environment, why don't you just set `$client->setDefaultOption('verify', false);` so that it doesn't attempt to perform the verification? Obviously on the live server it won't be an issue given that the live server will have a correct certificate (assumedly) — Ohgodwhy, Feb 25 '16 at 21:28
@Ohgodwhy of course, I was put off by all the security thread comments everywhere, but that's a non-issue. Thanks! — Sjors Hijgenaar, Feb 25 '16 at 21:35
@Ohgodwhy I am getting an error: `Call to undefined method Google_Client::setDefaultOption()` any idea why? — Sjors Hijgenaar, Feb 25 '16 at 21:39
I guess `setDefaultOption` method has been removed from `Google_Client`. Use [@Phung answer](https://stackoverflow.com/a/40487704/5560399) it worked for me! — Elharony, Jul 25 '19 at 06:26
I find that the closure here is not optimal. Almost none of the answers over there cover the ground where we want to use the google client in testing, from a local dev, where going through setting a certificate is quite inappropriate, whereas answers here mostly address it. I wonder if this one could be phrased differently to insist on the local testing part even more. — Félix Adriyel Gagnon-Grenier, Sep 28 '21 at 23:35
@Félix Adriyel Gagnon-Grenier if you have any suggestions on how to do that, feel free to help out. It's been very long since I worked on that project and I could really use your help in helping others. — Sjors Hijgenaar, Sep 29 '21 at 07:00

score 142 · Accepted Answer · edited Jun 20 '20 at 09:12

142

If you are on Windows using Xampp, I am stealing a better answer from here, would be helpful if Google shows you this question first.

Download and extract for cacert.pem here (a clean file format/data)

https://curl.haxx.se/docs/caextract.html
Put it in :

C:\xampp\php\extras\ssl\cacert.pem
Add this line to your php.ini

curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
restart your webserver/Apache

edited Jun 20 '20 at 09:12

Community

1
1

answered Nov 08 '16 at 13:05

Phung D. An

2,402
1
22
23

2

And if you are using Wamp, you need to modify phpForApache.ini – Miguel Febres Dec 21 '20 at 01:54
3

I use wamp server. `C:\wamp64\bin\php\php7.4.4\phpForApache.ini` . Restarting PC worked for me. Thanks. – Sudhakar Krishnan Aug 02 '21 at 05:10
6 years and your solution just saved me today! Thanks! The same solution would work if you're running a custom WAMP configuration, not just xampp. – Mo- Sep 14 '22 at 08:14
1

tried, but not working – Blu Ycw Jan 29 '23 at 13:52

score 48 · Answer 2 · answered Mar 01 '16 at 08:25

48

Seeing I am using a local environment I can safely disable SSL, which i did using the following:

$guzzleClient = new \GuzzleHttp\Client(array( 'curl' => array( CURLOPT_SSL_VERIFYPEER => false, ), ));
$client->setHttpClient($guzzleClient);

Where $client is my Google_Client().

answered Mar 01 '16 at 08:25

Sjors Hijgenaar

1,232
1
16
30

Yep, quick fix for local testing. Thanks for saving me hours ! :-) – Nikita Yo LAHOLA Aug 30 '16 at 22:22
this works in an example. – Kabkee Nov 28 '16 at 05:54
Thanks helped me with spark post guzzle adapter thing thanks @Sjors – Akshay Shrivastav Apr 03 '17 at 13:21

score 30 · Answer 3 · answered Nov 16 '16 at 02:47

30

$guzzleClient = new \GuzzleHttp\Client(['verify' => false]);

Guzzle version 6

You could refer to Guzzle Docs at

http://docs.guzzlephp.org/en/latest/request-options.html#verify

answered Nov 16 '16 at 02:47

lijinma

2,914
1
23
22

score 28 · Answer 4 · edited Sep 24 '18 at 08:25

28

I work with xamps nothing of the above did work for me

I tried this and it worked

open vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php

and change this

$conf[CURLOPT_SSL_VERIFYHOST] = 2;
$conf[CURLOPT_SSL_VERIFYPEER] = true;

to this

$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = FALSE;

it's a temporary solution if you updated this file the changes will lost

edited Sep 24 '18 at 08:25

Muhammad Hassaan

7,296
6
30
50

answered Dec 27 '17 at 10:40

Abdalla Mohamed Aly Ibrahim

3,743
1
26
29

This helped me. Thanks a lot!!! – Danniel Little Nov 22 '18 at 21:24
2

Again, this is a temporal solution. How can we pass parameters from our code such that it reaches there and disables the parameter? – Akah Nov 29 '18 at 06:48

score 5 · Answer 5 · edited Jul 11 '17 at 11:48

5

for the essence of development and testing, You have two options to a quick fix

Use

$client = new GuzzleHttp\Client();
$request = $client->request('GET',$url, ['verify' => false]); //where $url is your http address

follow @Pham Huy Anh answer's above then do this

$client = new GuzzleHttp\Client();
$request = $client->request('GET',$url, ['verify' => 'C:\xampp\php\extras\ssl\cacert.pem']);

Hope it helps someone.

edited Jul 11 '17 at 11:48

Ankur Bhadania

4,123
1
23
38

answered Jul 09 '17 at 05:52

walecloud

306
3
5

1

by doing `['verify' => false]` worked for me – Pianistprogrammer Oct 17 '19 at 01:57

score 1 · Answer 6 · answered Feb 25 '16 at 21:29

1

PCI-DSS 3.1 requires all SSL to only TLS 1.2 so a lot of providers are simply turning everything but TLS 1.2 off. I ran into this type of issue where CURL saw the failure to downgrade handshakes as a failure to verify the SSL certificate. Try finding where your code is doing the CURL call and add this line (be sure to replace $ch with whatever CURL handle your code uses)

curl_setopt($ch, CURLOPT_SSLVERSION, 6);  // Force TLS 1.2

answered Feb 25 '16 at 21:29

Machavity

30,841
27
92
100

how doI find the CURL handle my code uses? I run locally with a WAMPserver – Sjors Hijgenaar Feb 29 '16 at 18:53
is curl_init() a proper way? Setting the SSLVERSION to 6 doesn't solve the problem. Setting SSL_VERIFYPEER to false doesn't work either. – Sjors Hijgenaar Feb 29 '16 at 18:59
There will be a line in your code using `curl_init();` to initialize the CURL request. If setting TLS 1.2 doesn't work I'm not sure what else could be wrong. – Machavity Feb 29 '16 at 20:13

score 0 · Answer 7 · answered Aug 03 '17 at 00:07

it also worked for me by downloading the cert from the link https://gist.github.com/VersatilityWerks/5719158/download then save it in C:\xampp\php\extras\ssl then edit php.ini. To get Php.ini quickly see the figure below enter image description here

Then STOP and reStart your apache again. it worked well !!!

score -3 · Answer 8 · edited Jun 21 '17 at 23:11

-3

$guzzleClient = new \GuzzleHttp\Client(['verify' => false]);

edited Jun 21 '17 at 23:11

Paul Roub

36,322
27
84
93

answered Jun 21 '17 at 15:23

abbas waranlu

5

3

This appears to be identical to the code in [the answer](https://stackoverflow.com/a/40623254/1575353) by lijnma... it doesn't appear to add anything beyond it... – Sᴀᴍ Onᴇᴌᴀ Jun 21 '17 at 16:37

cURL error 60: SSL certificate prblm: unable to get local issuer certificate

8 Answers8

Linked

Related