file get contents SSL operation failed with code 1 Failed to enable crypto

Question

I   ve been trying to access this particular REST service from a PHP page I   ve created on our server   I narrowed the problem down to these two lines   So my PHP page looks like this    lt  php  response   file get contents  https   maps co weber ut us arcgis rest services SDE composite locator GeocodeServer findAddressCandidates Street  amp SingleLine 3042 N 1050 W amp outFields   amp outSR 102100 amp searchExtent  amp f json     echo  response    gt    The page dies on line 2 with the following errors         Warning  file get contents    SSL operation failed with code 1    OpenSSL Error messages  error 14090086 SSL   routines SSL3 GET SERVER CERTIFICATE certificate verify failed in      php on line 2         Warning  file get contents    Failed to enable crypto in    php on   line 2   Warning    file get contents https   maps co weber ut us arcgis rest services SDE composite locator GeocodeServer findAddressCandidates Street  amp SingleLine 3042 N 1050 W amp outFields   amp outSR 102100 amp searchExtent  amp f json     failed to open stream  operation failed in    php on line 2         We   re using a Gentoo server   We recently upgraded to PHP version 5 6   It was after the upgrade when this problem appeared       I found when I replace the REST service with an address like https   www google com  my page works just fine     In an earlier attempt I set    verify peer     gt false  and passed that in as an argument to file get contents  as described here   file get contents ignoring verify peer  gt false   But like the writer noted  it made no difference     I   ve asked one of our server administrators if these lines in our php ini file exist    extension php openssl dll allow url fopen   On   He told me that since we   re on Gentoo  openssl is compiled when we build  and it   s not set in the php ini file     I also confirmed that allow url fopen is working   Due to the specialized nature of this problem  I   m not finding a lot of information for help   Have any of you come across something like this   Thanks

User · Answer

If your PHP version is 5  try installing cURL by typing the following command in the terminal   sudo apt-get install php5-curl

User · Answer

following below steps will fix this issue    Download the CA Certificate from this link  https   curl haxx se ca cacert pem Find and open php ini  Look for curl cainfo and paste the absolute path where you have download the Certificate  curl cainfo   C  wamp htdocs cert cacert pem  Restart WAMP XAMPP  apache server   It works    hope that helps

User · Answer

Had the same ssl-problem on my developer machine  php 7  xampp on windows  with a self signed certificate trying to fopen a  https   localhost     -file  Obviously the root-certificate-assembly  cacert pem  didn t work  I just copied manually the code from the apache server crt-File in the downloaded cacert pem and did the openssl cafile path to cacert pem entry in php ini

User · Answer

You can get around this problem by writing a custom function that uses curl  as in   function file get contents curl   url         ch   curl init       curl setopt   ch  CURLOPT AUTOREFERER  TRUE      curl setopt   ch  CURLOPT HEADER  0      curl setopt   ch  CURLOPT RETURNTRANSFER  1      curl setopt   ch  CURLOPT URL   url      curl setopt   ch  CURLOPT FOLLOWLOCATION  TRUE        data   curl exec   ch      curl close   ch       return  data       Then just use file get contents curl instead of file get contents whenever you re calling a url that begins with https

User · Answer

You shouldn t just turn off verification  Rather you should download a certificate bundle  perhaps the curl bundle will do  Then you just need to put it on your web server  giving the user that runs php permission to read the file   Then this code should work for you   arrContextOptions         ssl    gt             cafile    gt    path to bundle cacert pem            verify peer   gt  true           verify peer name   gt  true              response   file get contents       https   maps co weber ut us arcgis rest services SDE composite locator GeocodeServer findAddressCandidates Street  amp SingleLine 3042 N 1050 W amp outFields   amp outSR 102100 amp searchExtent  amp f json       false      stream context create  arrContextOptions      Hopefully  the root certificate of the site you are trying to access is in the curl bundle   If it isn t  this still won t work until you get the root certificate of the site and put it into your certificate file

User · Answer

You basically have to set the environment variable SSL CERT FILE to the path of the PEM file of the ssl-certificate downloaded from the following link   http   curl haxx se ca cacert pem   It took me a lot of time to figure this out

User · Answer

Regarding errors similar to       11-May-2017 19 19 13 America Chicago  PHP Warning   file get contents    SSL operation failed with code 1  OpenSSL Error messages    error 14090086 SSL routines ssl3 get server certificate certificate verify failed   Have you checked the permissions of the cert and directories referenced by openssl   You can do this    var dump openssl get cert locations       To get something similar to this    array 8        default cert file    gt    string 21    usr lib ssl cert pem      default cert file env    gt    string 13   SSL CERT FILE      default cert dir    gt    string 18    usr lib ssl certs      default cert dir env    gt    string 12   SSL CERT DIR      default private dir    gt    string 20    usr lib ssl private      default default cert area    gt    string 12    usr lib ssl      ini cafile    gt    string 0         ini capath    gt    string 0         This issue frustrated me for a while  until I realized that my  certs  folder had 700 permissions  when it should have had 755 permissions  Remember  this is not the folder for keys but certificates  I recommend reading this this link on ssl permissions   Once I did     chmod 755 certs   The problem was fixed  at least for me anyway

User · Answer

At first you need to have enabled curl extension in PHP  Then you can use this function  function file get contents ssl  url         ch   curl init        curl setopt  ch  CURLOPT SSL VERIFYPEER  FALSE       curl setopt  ch  CURLOPT HEADER  false       curl setopt  ch  CURLOPT FOLLOWLOCATION  true       curl setopt  ch  CURLOPT URL   url       curl setopt  ch  CURLOPT REFERER   url       curl setopt  ch  CURLOPT RETURNTRANSFER  TRUE       curl setopt  ch  CURLOPT CONNECTTIMEOUT  3000      3 sec      curl setopt  ch  CURLOPT TIMEOUT  10000      10 sec       result   curl exec  ch       curl close  ch       return  result     It works similar to function file get contents      Example  echo file get contents ssl  quot https   www example com  quot     Output   lt  doctype html gt   lt html gt   lt head gt       lt title gt Example Domain lt  title gt

User · Answer

Another thing to try is to re-install ca-certificates as detailed here     yum reinstall ca-certificates       update-ca-trust force-enable    update-ca-trust extract   And another thing to try is to explicitly allow the one site s certificate in question as described here  especially if the one site is your own server and you already have the  pem in reach      cp  your site pem  etc pki ca-trust source anchors    update-ca-trust extract   I was running into this exact SO error after upgrading to PHP 5 6 on CentOS 6 trying to access the server itself which has a cheapsslsecurity certificate which maybe it needed to be updated  but instead I installed a letsencrypt certificate and with these two steps above it did the trick  I don t know why the second step was necessary     Useful Commands  View openssl version     openssl version OpenSSL 1 0 1e-fips 11 Feb 2013   View PHP cli ssl current settings     php -i   grep ssl openssl Openssl default config   gt   etc pki tls openssl cnf openssl cafile   gt  no value   gt  no value openssl capath   gt  no value   gt  no value

User · Answer

Working for me  I am using PHP 5 6  openssl extension should be enabled and while calling google map api verify peer make false Below code is working for me    lt  php  arrContextOptions array       ssl   gt array            verify peer   gt false            verify peer name   gt false               url    https   maps googleapis com maps api geocode json latlng            latitude                      longitude           amp sensor false amp key           Yii   app- gt params  GOOGLE API KEY      data   file get contents  url  false  stream context create  arrContextOptions     echo  data    gt

User · Answer

I had the same issue for another secure page when using wget or file get contents   A lot of research  including some of the responses on this question  resulted in a simple solution - installing Curl and PHP-Curl - If I ve understood correctly  Curl has the Root CA for Comodo which resolved the issue  Install Curl and PHP-Curl addon  then restart Apache  sudo apt-get install curl sudo apt-get install php-curl sudo  etc init d apache2 reload   All now working

User · Answer

Just wanted to add to this since I ran into the same problem and nothing I could find anywhere would work  e g downloading the cacert pem file  setting cafile in php ini etc    If you are using NGINX and your SSL certificate comes with an  intermediate certificate   you need to combine the intermediate cert file with your main  mydomain com crt  file and it should work  Apache has a setting specific for intermediate certs  but NGINX does not so it must be within same file as your regular cert

User · Answer

I fixed this by making sure that that OpenSSL was installed on my machine and then adding this to my php ini   openssl cafile  usr local etc openssl cert pem

User · Answer

Had the same error with PHP 7 on XAMPP and OSX    The above mentioned answer in https   stackoverflow com  is good  but it did not completely solve the problem for me  I had to provide the complete certificate chain to make file get contents   work again  That s how I did it   Get root   intermediate certificate  First of all I had to figure out what s the root and the intermediate certificate    The most convenient way is maybe an online cert-tool like the ssl-shopper  There I found three certificates  one server-certificate and two chain-certificates  one is the root  the other one apparantly the intermediate    All I need to do is just search the internet for both of them  In my case  this is the root   thawte DV SSL SHA256 CA  And it leads to his url thawte com  So I just put this cert into a textfile and did the same for the intermediate  Done    Get the host certificate  Next thing I had to to is to download my server cert  On Linux or OS X it can be done with openssl   openssl s client -showcerts -connect whatsyoururl de 443  lt  dev null 2 gt  dev null openssl x509 -outform PEM  gt   tmp whatsyoururl de cert   Now bring them all together  Now just merge all of them into one file   Maybe it s good to just put them into one folder  I just merged them into one file   You can do it like this   cat  tmp thawteRoot crt  gt   tmp chain crt cat  tmp thawteIntermediate crt  gt  gt   tmp chain crt cat  tmp tmp whatsyoururl de cert  gt  gt   tmp chain crt   tell PHP where to find the chain  There is this handy function openssl get cert locations   that ll tell you  where PHP is looking for cert files  And there is this parameter  that will tell file get contents   where to look for cert files  Maybe both ways will work  I preferred the parameter way   Compared to the solution mentioned above    So this is now my PHP-Code   arrContextOptions array       ssl   gt array           cafile    gt    Applications XAMPP xamppfiles share openssl certs chain pem            verify peer   gt  true           verify peer name   gt  true              response   file get contents  myHttpsURL  0  stream context create  arrContextOptions      That s all  file get contents   is working again  Without CURL and hopefully without security flaws

User · Answer

After falling victim to this problem on centOS after updating php to php5 6 I found a solution that worked for me   Get the correct directory for your certs to be placed by default with this    php -r  print r openssl get cert locations    default cert file        Then use this to get the cert and put it in the default location found from the code above  wget http   curl haxx se ca cacert pem -O  lt default location gt

User · Answer

This was an enormously helpful link to find   http   php net manual en migration56 openssl php  An official document describing the changes made to open ssl in PHP 5 6 From here I learned of one more parameter I should have set to false    verify peer name   false     Note  This has very significant security implications  Disabling verification potentially permits a MITM attacker to use an invalid certificate to eavesdrop on the requests  While it may be useful to do this in local development  other approaches should be used in production    So my working code looks like this    lt  php  arrContextOptions array       ssl   gt array           verify peer   gt false           verify peer name   gt false                response   file get contents  https   maps co weber ut us arcgis rest services SDE composite locator GeocodeServer findAddressCandidates Street  amp SingleLine 3042 N 1050 W amp outFields   amp outSR 102100 amp searchExtent  amp f json   false  stream context create  arrContextOptions     echo  response    gt

User · Answer

Reason for this error is that PHP does not have a list of trusted certificate authorities   PHP 5 6 and later try to load the CAs trusted by the system automatically  Issues with that can be fixed  See http   php net manual en migration56 openssl php for more information   PHP 5 5 and earlier are really hard to setup correctly since you manually have to specify the CA bundle in each request context  a thing you do not want to sprinkle around your code  So I decided for my code that for PHP versions  lt  5 6  SSL verification simply gets disabled    req   new HTTP Request2  url   if  version compare PHP VERSION   5 6 0     lt             correct ssl validation on php 5 5 is a pain  so disable      req- gt setConfig  ssl verify host   false        req- gt setConfig  ssl verify peer   false

[php] file_get_contents(): SSL operation failed with code 1, Failed to enable crypto

Examples related to php

Examples related to rest

Examples related to ssl

Examples related to file-get-contents