1

I want to configure my Symfony4 application to read and send e-mails using the msgraph-sdk-php library.

My first experience was this piece of code:

    $guzzle = new \GuzzleHttp\Client();
    $url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
    $token = json_decode($guzzle->post($url, [
        'form_params' => [
            'client_id' => $clientId,
            'client_secret' => $clientSecret,
            'resource' => 'https://graph.microsoft.com/',
            'grant_type' => 'client_credentials',
        ],
        'verify' => false
    ])->getBody()->getContents());
    $accessToken = $token->access_token;

    $graph = new Graph();
    $graph->setAccessToken($accessToken);

    try {
        $user = $graph->createRequest("GET", "/me")
            ->setReturnType(User::class)
            ->execute();
    } catch (GraphException $e) {
        $user=(object) ['getGivenName'=>$e->getMessage()];
    }

    return "Hello, I am $user->getGivenName() ";

But then Symfony shows me an exception page with this message:

cURL error 60: SSL certificate problem: unable to get local issuer certificate

What should I do to overcome this?

VBobCat
  • 2,527
  • 4
  • 29
  • 56
  • Possible duplicate of [PHP - SSL certificate error: unable to get local issuer certificate](https://stackoverflow.com/questions/28858351/php-ssl-certificate-error-unable-to-get-local-issuer-certificate) – Dharman Jun 29 '19 at 15:51
  • @Dharman, I guess you may be right in the sense that error was really due to lack of certificates, and was solved by editing `php.ini` to add `curl.cainfo` and `openssl.cafile` keys, although I'm not using Apache, Xampp or Wamp, but instead Symfony's own server. But since @RenéHöhle took the time to answer my question, I think it's fair to keep the post and his accepted answer. I feel that there's no harm since the posts are now linked by your notice, and come consistently to the same solution. – VBobCat Jun 29 '19 at 20:52
  • 1
    Why not both? Accept the answer and the duplicate. I understand however that the duplicate is kind of in the grey area and I leave it up to your judgement. – Dharman Jun 29 '19 at 20:55
  • Ok, but, how can I do that? I edited my question to add the `guzzle` tag and the button to accept the duplicate is now gone... I didn't know I could accept both. I thought accepting the duplicate would remove my post and so its answer... Sorry. – VBobCat Jun 29 '19 at 20:56

1 Answers1

1

On Windows systems cURL can't access the CA-Certs sometimes. So you have to download the CA-Files and add them to Curl. You can download the certificate here:

http://curl.haxx.se/docs/caextract.html

curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . "/certs/cacert.pem");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

So to fix the problem temporary you can disable the Peer verification but you should do that only for testing.

$client->setDefaultOption('verify', false);

Then it should be possible to connect. To add the certificate you can to the following but then you have to download the certificate first.

$client = new \GuzzleHttp\Client();
$client->setDefaultOption('verify', 'curl-ca-bundle.crt');

Or last solution ad the ca file to your php.ini (The file from curl.haxx.se):

curl.cainfo = "[pathtothisfile]\cacert.pem"
René Höhle
  • 26,716
  • 22
  • 73
  • 82
  • That error was really due to lack of certificates, and I solving by editing `php.ini` to add `curl.cainfo` and `openssl.cafile` keys. There were a catch, tough: I had to add [Brazilian Root Certification Authority](https://www.iti.gov.br/repositorio/84-repositorio/143-repositorio-ac-raiz) to the `.pem` file. Now I get a different error, LOL: *Client error: `GET https://graph.microsoft.com/v1.0/me` resulted in a `403 Forbidden` response: { "error": { "code": Authorization_RequestDenied", "message": "Insufficient privileges to complete the ope (truncated...)* but this is a different issue. – VBobCat Jun 29 '19 at 20:45
  • So, I'll accept your answer because it solved the problem. – VBobCat Jun 29 '19 at 20:46