9

Can't figure out what could be:

In my local environment, after I updated my OSX to the last version of Yosemite, I get this error:

CurlException: [curl] 51: SSL: certificate verification failed (result: 5) [url] 

I'm using Symfony2 so it is related to PHP. I tried to reinstall openssl but nothing happen.

Any suggestion?

marco.santonocito
  • 1,633
  • 1
  • 14
  • 28
  • I'm find that all PHP-based SSLs fail (and have done since Beta 2). Can't find a solution yet; interested to know if you can find a solution. – hellodaniel Aug 26 '14 at 03:56
  • I think its an error with cURL and Yosemite. Try in a command line `curl --cacert /path/to/cert.pem https://url`. I get the same '51' error. Telling the PHP not to set a cert seems to then work for me. Take a look at https://github.com/guzzle/guzzle/issues/819 – Jonny Barnes Sep 13 '14 at 11:27

5 Answers5

2

Look at the certificate chain for whatever domain is giving you this error. For me it was googleapis.com

openssl s_client -host www.googleapis.com -port 443

You'll get back something like this:

CONNECTED(00000005)
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googleapis.com
   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign

Note: I captured this after I fixed the issue. Also, your chain output will look different.

Then you need to look at the certificates allowed in php running under apache. Run phpinfo() in a page.

<?php echo phpinfo();

Then look for the certificate file that's loaded from the page output by searching the page for openssl.cafile:

openssl.cafile openssl.cafile /usr/local/php5/ssl/certs/cacert.pem

This is the file you'll need to fix by adding the correct certificate(s) to it.

sudo nano /usr/local/php5/ssl/certs/cacert.pem

You basically need to append the correct certificate "signatures" to the end of this file.

You can find some of them here:

They look like this:

example certificate image

(Note: This is an image so people will not simply copy/paste certificates from stackoverflow)

If you need to convert a .crt to pem, you'll need to do something like this:

openssl x509 -inform DER -outform PEM -in GIAG2.crt -out GIA2.pem

Once the right certificates are in this file, restart apache and test.

TrophyGeek
  • 5,902
  • 2
  • 36
  • 33
1

Someone already asked a similar question, please look here: HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK

also, there is an article here: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

Community
  • 1
  • 1
Carsten Hellweg
  • 214
  • 1
  • 3
1

Fix for this problem is to unset the value for SSL_CERT_FILE

Run the command :

export SSL_CERT_FILE=""

And then try performing the desired actions and it will work properly.

Reference : Curl 'certificate verification failed' on mac

0

Try to downgrade curl from 7.37.1 (shipped with beta2) to 7.37.0

l4u
  • 126
  • 1
  • 4
-1

Add those options to ignore ceritificate:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

MilanG
  • 6,994
  • 2
  • 35
  • 64