Codeigniter CI Merchant SSL certificate verify failed

Question

Im using CI Merchant library in Codeigniter, below is the error message im getting after var_dump on $response

protected '_status' => string 'failed' (length=6)
protected '_message' => string 'SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' (length=146)

Below is my code

        $this->merchant->load('paypal_express');
        $settings = array(
            'username' => 'testaccount',
            'password' => 'accountpassword',
            'signature' => 'storename',
            'test_mode' => true
        );
        $this->merchant->initialize($settings);


        //redirect to success/failure of transaction
        $params = array(
            'amount' => $amount,
            'currency' => $currency,
            'return_url' => site_url('membership/complete/'.$memberid),
            'cancel_url' => site_url('membership/fail')
        ); /**/

        $response = $this->merchant->purchase_return($params);

What could be wrong? Thank you in advance

score 2 · Answer 1 · answered Oct 10 '13 at 09:56

2

I wouldn't recommend @stormdrain's solution, as it reduces the security of your server. The real problem is that PHP can't find the correct root CA certificate on your web server. Generally this is a case of talking to your web host and getting them to sort it out.

Or, you can upgrade to Omnipay which is the replacement for CI-Merchant, and internally it uses Guzzle which comes bundled with a root CA certificate. Therefore this problem will go away.

answered Oct 10 '13 at 09:56

Adrian Macneil

13,017
5
57
70

Bbbbut we don't know if they are trying to connect to their own server for which they don't have a cert. Although the best thing would be to get one and use omnipay as suggested (I didn't know about ci merchant being deprecated) , turning off those curl opts is a workaround :) – stormdrain Oct 10 '13 at 11:25
I did disable the curl opts and got another error "Security header is invalid". – smalliest onefifty Oct 10 '13 at 13:04
@Adrian could you please post a simple paypal_express implementation of omnipay within codeigniter :-| – smalliest onefifty Oct 10 '13 at 13:14
@smalliestonefifty http://stackoverflow.com/q/1712685/183254 http://stackoverflow.com/a/3051629/183254 – stormdrain Oct 10 '13 at 18:49
"Security header is invalid" means your paypal credentials are wrong, or you're trying to use test credentials without setting test mode, or vice versa. – Adrian Macneil Oct 10 '13 at 22:54

score 0 · Answer 2 · answered Oct 08 '13 at 13:15

0

What could be wrong? The certificate expired. The certificate is self-signed. The certificate was revoked. Can only guess without knowing what the URL you are connecting to is.

A possible fix is to modify the library you are using to ignore the error:

curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);

answered Oct 08 '13 at 13:15

stormdrain

7,915
4
37
76

Or a good fix would be to use Ominipay, as ci-merchant is no longer supported. – Vincent Vieira Oct 09 '13 at 12:14

score 0 · Answer 3 · answered Nov 21 '14 at 09:07

I guess you already solved your problem, but others maybe ran into the same issue.

Ensure you have placed the cacert.pem signature which comes with the ci-mercant library into your config/ directory. Currently on github locateded here

Had the same response & the exact same code snippet. This solved my issue.

Codeigniter CI Merchant SSL certificate verify failed

3 Answers3