1

I'm struck with the same issue which many of them have faced before, hope someone can help me.

I'm getting this error after my client has added SSL certificate to the server.

I've been searching in google and forums the whole day but couldn't fix it so finally i'm posting it here.

My code below : 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_VERBOSE, 1); 
//curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."\cacert.pem");
curl_setopt ($ch, CURLOPT_CAPATH, dirname(__FILE__)."\cacert.pem");
curl_setopt($ch, CURLOPT_STDERR, fopen(dirname(__FILE__)."/curl_debug.txt", "w+"));
if(curl_exec($ch) === false)
{
    echo 'Curl error: ' . curl_error($ch);
}
exit;

I've added these two lines to php.ini file : 

[curl]
curl.cainfo="C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"

[openssl]
openssl.cafile="C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"

And tried downloading the latest cacert.pem file

And tried the above code by giving the absolute path to the file : 

//curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."\cacert.pem");

Nothing works, All i get is the same error :

Curl error: SSL certificate problem: unable to get local issuer certificate"

And I added "CURLOPT VERBOSE" to look in detail, below is what I received :

* Hostname in DNS cache was stale, zapped
*   Trying xxx.xxx.x.x...
* Connected to mywebsite.com (xxx.xxx.x.x) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem
  CApath: C:\xampp\htdocs\projects\myproject\includes\cacert.pem
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0

Note : I added CAPath since it showed CAPath : None, when not specified.

Would be great if anyone could advise me on the above.

Many Thanks

Vijay
  • 139
  • 2
  • 13
  • 1) Is it a valid certificate or a self signed? 2) where is curl running, is it on a local development XAMP or in a production environment like a hosting? – Juan Sep 26 '17 at 13:57
  • The SSL was issued by Comodo and its on local development XAMPP running in my localhost – Vijay Sep 26 '17 at 14:09
  • try using `/` instead of \ in your paths – delboy1978uk Sep 26 '17 at 15:07
  • also look here https://stackoverflow.com/questions/24372942/ssl-error-unable-to-get-local-issuer-certificate – delboy1978uk Sep 26 '17 at 15:08
  • 1
    It looks like the CAfile is lacking the proper cert. What if you use cacert.pem from https://curl.haxx.se/docs/caextract.html ? – drew010 Sep 27 '17 at 02:13
  • @delboy1978uk I tried using / instead \ in my paths but still same error and the link you shared gives a crt. should try replacing it with my cacert? – Vijay Sep 27 '17 at 04:17
  • @drew010 Yes, i've mentioned in my question as well, same error when i tried. – Vijay Sep 27 '17 at 04:17
  • Would it be possible to share the URL so we can grab the appropriate CA cert from the site in question so you can add it to your CA file and see if this fixes things? Or, go to the site in your browser, and view the cert, then export the root CA (easier in FF/Chrome than IE) and try adding it. – drew010 Sep 27 '17 at 16:31
  • @drew010 i treid exporting it from firefox and getting the same error.Meanwhile when i tried the host with port number like [http://example.com:24](http://example.com:24/) i get the following error "Curl error: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol" – Vijay Sep 28 '17 at 06:34

1 Answers1

1

In Windows XAMP, when using CURL I have to set curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); I understand this is some kind of bug.

Obviously this bypasses the verification intended when using SSL so it is a workaround only for development.

Juan
  • 5,525
  • 2
  • 15
  • 26