0

I currently am making a php application.

I am testing connections to azure and aws. These require a certificate authority.

I found the package certainty that can manage these. Great!

But when using it, I encounter:

Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in \vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php:186

This happens when executing the following:

$fetcher = new RemoteFetch(\CertaintyDataDir);//using a declared constant
echo "<p>After remote fetch instantiation:</p>";
$latestCACertBundle = $fetcher->getLatestBundle();
echo "<p>CA Cert Path: ".$latestCACertBundle->getFilePath()."</p>";

So it seems to use certainty to download and verify the certs, I need certs that are valid. Isn't this a catch 22, and makes certainty useless?

(it's supposed to prevent out of date certs, but once a cert becomes out of date, it no longer works)

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Richard Duerr
  • 566
  • 8
  • 24
  • Is this [a valid Duplicate](https://stackoverflow.com/questions/24611640/curl-60-ssl-certificate-unable-to-get-local-issuer-certificate) – RiggsFolly Oct 18 '18 at 14:08
  • I think its saying it cannot find the certificate of the signing authority that should have signed your certificate. Did you get your certificate signed? – RiggsFolly Oct 18 '18 at 14:19
  • It is specifying that it can't find the "issuer certificate" (the certificate authority) for the operation I want to perform. It's not a duplicate, because to solve that, you need a hardcoded cacert.pem file, which CERTAINTY aims to avoid. If I hardcode this here, it defeats the purpose of certainty, because i'll still have to update THAT cacert.pem every few months or certainty will fail making the call. – Richard Duerr Oct 18 '18 at 14:53

0 Answers0