0

I'm getting the classic php curl error "unable to get local issuer certificate". Here are some more information from the curl debug:

Trying 133.7.42.21...

TCP_NODELAY set

Connected to example.adress.com (133.7.42.21) port 443 (#0)

  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: C:\some_absolute_path\cacert.pem
  • CApath: none

  • SSL certificate problem: unable to get local issuer certificate

    Curl_http_done: called premature == 1\n* Closing connection 0\n

As you can see the i tried to used the "cacert.pem" file from Mozilla. I tried all of them but none of them worked.

The PHP Code:

        $curl = curl_init($location);
        //set verifier from interface host
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);

        //set host global certificate
        curl_setopt($curl, CURLOPT_CAINFO, $globla_cert);

        //set certificate
        curl_setopt($curl, CURLOPT_SSLCERT, $ssl_cert);
        //set private key
        curl_setopt($curl, CURLOPT_SSLKEY, $ssl_cert_key);
        //set private key password
        curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $ssl_cert_password);

        //set curl debug output
        curl_setopt($curl, CURLOPT_VERBOSE, true);
        $verbose = fopen('php://temp', 'w+');
        curl_setopt($curl, CURLOPT_STDERR, $verbose);
        //curl_setopt($curl, CURLINFO_HEADER_OUT, true);
        //set ssl version
        curl_setopt($curl, CURLOPT_SSLVERSION, 6);


        curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($curl, CURLOPT_POST, TRUE);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $request);
        curl_setopt($curl, CURLOPT_HEADER, FALSE);
        curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
        curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT_MS, $connecttimeout);
        $response = curl_exec($curl);

It will work without the Global cert when i disable CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST but this is a NOGO

I'm currently using XAMPP with PHP Version 7.0.15. The Apache has the mod_ssl enabled. PHP has the openssl and the curl extension enabled.

Things that i tried:

  • Set the path inside the php.ini:

    openssl.cainfo= "C:\some_absolute_path\cacert.pem" openssl.cafile= "C:\some_absolute_path\cacert.pem"

  • Throw the cert in the default path that i got with var_dump(openssl_get_cert_locations()); That was "C:\openssl-1.0.2j-win32\ssl" for me.

  • Throw the cert in "C:\xampp\php"

Now i don't find anymore "fixes" that i can try, has someone an idea what it could be?

MrWook
  • 348
  • 3
  • 11
  • Try this https://seegatesite.com/the-steps-how-to-install-openssl-on-xampp-windows/ and restart apache once you done – Thamaraiselvam Oct 05 '17 at 09:04
  • Doesn't this give me just the opportunity to use HTTPS with localhost? And btw it didn't work but thanks for the reply :( – MrWook Oct 05 '17 at 09:19
  • check my solution that is 100% work... https://stackoverflow.com/questions/28858351/php-ssl-certificate-error-unable-to-get-local-issuer-certificate/61177063#61177063 – pankaj Apr 12 '20 at 19:36

1 Answers1

0

The problem is resolved.

It wasn't a technical problem. The certificate that i received for the Service wasn't valid anymore and the new certificate isn't in the "cacert.pem" from Mozilla like the old one.

Community
  • 1
  • 1
MrWook
  • 348
  • 3
  • 11
  • https://stackoverflow.com/questions/28858351/php-ssl-certificate-error-unable-to-get-local-issuer-certificate/61177063#61177063 – pankaj Apr 12 '20 at 19:36