1

There is one server where php application is hosted under IIS. I have installed the ".pfx" file on the server and associated it with IIS application.

When developers connects to this application , they are getting below error.

This certificate is valid (not expired) and issued by an authorized org.

"cURL error 60: SSL certificate problem: self signed certificate in certificate chain"

Don't know why they are getting errors. I don't want to turn off the "CURLOPT_SSL_VERIFYPEER " option.

What I have found , when an application connects to the server, it accepts that request. But then this request makes another API guzzle call to get some data. AT this stage , the application is throwing an error.

Why is it causing this issue ? and How to fix this error?

kreya
  • 1,091
  • 5
  • 24
  • 52
  • "self signed certificate in certificate chain", that's it. You have to use a real certificate or turn off CURLOPT_SSL_VERIFYPEER. No other option. – Lex Li Oct 16 '20 at 16:52
  • @lexi , this is not a self signed certificate. This .pfx file is issued by trusted CA. – kreya Oct 19 '20 at 04:48
  • https://docs.jexusmanager.com/tutorials/ssl-diagnostics.html You will have to run a report to see exactly. – Lex Li Oct 19 '20 at 06:04
  • Curl doesn't have built-in root certificates. You hav eto point it to a cacert.pem file: `curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cert/file/cacert.pem');` .You can get the cacert.pem file here: http://curl.haxx.se/docs/caextract.html https://stackoverflow.com/questions/21187946/curl-error-60-ssl-certificate-issue-self-signed-certificate-in-certificate-cha – Jalpa Panchal Oct 19 '20 at 06:54

0 Answers0