PHP - SSL certificate error unable to get local issuer certificate

Question

I m running PHP Version 5 6 3 as part of XAMPP on Windows 7   When I try to use the Mandrill API  I m getting the following error      Uncaught exception  Mandrill HttpError  with message  API call to messages send-template failed  SSL certificate problem  unable to get local issuer certificate    I already tried everything I read on StackOverflow  including adding the following to the php ini file   curl cainfo    C  xampp php cacert pem    And ofcourse downloaded to that location the cacert pem file from http   curl haxx se docs caextract html  but after all that  restarted XAMPP and Apache server but still getting the same error   I really don t know what else to try   Can anyone advise on what else can I try

User · Answer

Disclaimer  This code makes your server insecure    I had the same problem in Mandrill php file after line number 65 where it says  this- ch   curl init     Add following two lines   curl setopt  this- gt ch  CURLOPT SSL VERIFYHOST  0   curl setopt  this- gt ch  CURLOPT SSL VERIFYPEER  0     This solved my problem and also sent email using localhost but I suggest to NOT use it on live version live  On your live server the code should work without this code

User · Answer

I was facing a problem like this in my local system but not in the live server  I also mentioned another solution on this page its before  but that was not working in localhost so find a new solution of this  that is working in the localhost-WAMP Server      cURL Error   SSL certificate problem  unable to get local issuer   certificate   sometimes system could not find your cacert pem in your drive  so you can define this in your code where you are going to use CURL     Note that i am fulfilling all conditions for this like OPEN-SSL library active and other things    check this code of CURL     curl   curl init     curl setopt array  curl  array              CURLOPT URL   gt  url              CURLOPT HTTP VERSION   gt  CURL HTTP VERSION 1 1              CURLOPT CUSTOMREQUEST   gt   GET               CURLOPT RETURNTRANSFER  gt  true              curl setopt  curl  CURLOPT CAINFO   f  wamp bin cacert pem        lt ------  curl setopt  curl  CURLOPT CAPATH   f  wamp bin cacert pem        lt ------  response   json decode curl exec  curl  true    err   curl error  curl   curl close  curl     but this solution may not work in live server  because of absolute path of cacert pem

User · Answer

If none of the solutions above are working for you try updating your XAMPP installation to a newer version   I was running XAMPP with php 5 5 11  the same exact code didn t work  I upgraded to XAMPP with php 5 6 28 and the solutions above worked   Additionally only updating PHP didn t work either seems like a combination of apache and php settings on that version of XAMPP   Hope it helps someone

User · Answer

I have Very Simple Solution of this problem  You can do this without any certificate file    Go on Laravel Root Folder -  Vender -  guzzlehttp -  guzzle -  src  open Client php  find  defaults Array   that look like this way      defaults          allow redirects    gt  RedirectMiddleware   defaultSettings       http errors        gt  true       decode content     gt  true       verify             gt  true       cookies            gt  false      Now main Job is to change value of verify key      verify             gt  false    So After this it will not check SSL Certificate for CURL Request    This Solution is work for me  I find this solution after many research

User · Answer

When you view the http   curl haxx se docs caextract html  page  you will notice in big letters a section called      RSA-1024 removed   Read it  then download the version of the certificates that includes the  RSA-1024  certificates  https   github com bagder ca-bundle blob e9175fec5d0c4d42de24ed6d84a06d504d5e5a09 ca-bundle crt  Those will work with Mandrill   Disabling SSL is a bad idea

User · Answer

Thanks  Mladen Janjetovic   Your suggestion worked for me in mac with ampps installed   Copied  http   curl haxx se ca cacert pem  To   Applications AMPPS extra etc openssl certs cacert pem  And updated php ini with that path and restarted Apache    curl    A default value for the CURLOPT CAINFO option  This is required to be an   absolute path  curl cainfo   Applications AMPPS extra etc openssl certs cacert pem  openssl cafile   Applications AMPPS extra etc openssl certs cacert pem    And applied same setting in windows AMPPS installation and it worked perfectly in it too    curl    A default value for the CURLOPT CAINFO option  This is required to be an   absolute path  curl cainfo  C  Ampps php extras ssl cacert pem  openssl cafile  C  Ampps php extras ssl cacert pem      Same for wamp    curl    A default value for the CURLOPT CAINFO option  This is required to be an   absolute path  curl cainfo  C  wamp bin php php5 6 16 extras ssl cacert pem  openssl cafile  C  wamp bin php php5 6 16 extras ssl cacert pem    If you are looking for generating new SSL certificate using SAN for localhost  steps on this post worked for me on Centos 7   Vagrant   Chrome Browser

User · Answer

for guzzle you can try this      client   new Client env  API HOST      client- gt setSslVerification false     tested on guzzle guzzle 3

User · Answer

I got the error like    failed loading cafile stream   C  xamppPhp apache bin curl-ca-bundle crt    I am using windows machine  So I followed the below steps   1  I have downloaded  pem file from   https   curl haxx se docs caextract html    2  Then I kept the downloaded file inside   C  xamppPhp apache bin   folder and renamed the same downloaded file to  curl-ca-bundle crt    3  I restarted XAMPP and cleared the cache  4  It s done    Hope it may help someone

User · Answer

I tried this it works  open   vendor guzzlehttp guzzle src Handler CurlFactory php   and change this    conf CURLOPT SSL VERIFYHOST    2    enter code here  conf CURLOPT SSL VERIFYPEER    true    to this   conf CURLOPT SSL VERIFYHOST    0   conf CURLOPT SSL VERIFYPEER    FALSE

User · Answer

The above steps  though helpful  didnt work for me on Windows 8  I don t know the co-relation  but the below steps worked  Basically a change in the cacert pem file  Hope this helps someone    Download cacert pem file from here  http   curl haxx se docs caextract html  Save the file in your PHP    installation folder   eg  If using xampp     save it in c  Installation Dir xampp php cacert pem    Open your php ini file and add these lines  curl cainfo    C  Installation Dir xampp php cacert pem     openssl cafile    C  Installation Dir xampp php cacert pem     Restart your Apache server and that should fix it  Simply stop and start the services as needed

User · Answer

Finally got this to work    Download the certificate bundle  Put it somewhere  In my case  that was c  wamp  directory  if you are using Wamp 64 bit then it s c  wamp64    Enable mod ssl in Apache and php openssl dll in php ini  uncomment them by removing   at the beginning   But be careful  my problem was that I had two php ini files and I need to do this in both of them  One is the one you get from your WAMP taskbar icon  and another one is  in my case  in C  wamp bin php php5 5 12  Add these lines to your cert in both php ini files   curl cainfo  C  wamp cacert pem  openssl cafile  C  wamp cacert pem   Restart Wamp services

User · Answer

I found new Solution without any required certification to call curl only add two line code   curl setopt  ch  CURLOPT FOLLOWLOCATION  TRUE   curl setopt  ch  CURLOPT SSL VERIFYPEER  false

User · Answer

I have a proper solution of this problem  lets try and understand the root cause of this issue  This issue comes when remote servers ssl cannot be verified using root certificates in your system s certificate store or remote ssl is not installed along with chain certificates  If you have a linux system with root ssh access  then in this case you can try updating your certificate store with below command   update-ca-certificates  If still  it doesn t work then you need to add root and interim certificate of remote server in your cert store  You can download root and intermediate certs and add them in  usr local share ca-certificates directory and then run command update-ca-certificates  This should do the trick  Similarly for windows you can search how to add root and intermediate cert   The other way you can solve this problem is by asking remote server team to add ssl certificate as a bundle of domain root cert  intermediate cert and root cert

User · Answer

If you don t have access to php ini  adding this code  after your  ch   curl init    line  works for me    certificate location    C  Program Files  x86  EasyPHP-Devserver-16 1 ca-bundle crt      modify this line accordingly  may need to be absolute  curl setopt  ch  CURLOPT CAINFO   certificate location   curl setopt  ch  CURLOPT CAPATH   certificate location     Then  you will just need to download ca-bundle crt and save it to location you specified in  certificate location

User · Answer

Another reason this error can occur is if a CA bundle has been removed from your system  and is no longer available in ca-certificates   This is currently the situation with the GeoTrust Global CA which  among other things  is used to sign Apple s certificate for APNS used for Push Notifications  Additional details can be found on the bug report here  https   bugs debian org cgi-bin bugreport cgi bug 962596 You can manually add the GeoTrust Global CA certificate on your machine as suggested by Carlos Alberto Lopez Perez  wget --no-check-certificate -c https   www geotrust com resources root certificates certificates GeoTrust Global CA pem      amp  amp  mkdir  usr local share ca-certificates extra                                                                          amp  amp  mv GeoTrust Global CA pem  usr local share ca-certificates extra GeoTrust Global CA crt                               amp  amp  update-ca-certificates

User · Answer

elaborating on the above answers for server deployment    hostname   gethostname    if  hostname   mydevpc         curl setopt  ch  CURLOPT FOLLOWLOCATION  TRUE       curl setopt  ch  CURLOPT SSL VERIFYPEER  false       should do the trick for development environment without compromising the server when deployed

User · Answer

I had the same issue during building my app in AppVeyor    Download https   curl haxx se ca cacert pem to c  php Enable openssl echo extension php openssl dll  gt  gt  c  php php ini Locate certificateecho curl cainfo c  php cacert pem  gt  gt  c  php php ini

[php] PHP - SSL certificate error: unable to get local issuer certificate

Examples related to php

Examples related to ssl

Examples related to curl

Examples related to xampp

Examples related to mandrill