cURL error 60: SSL certificate: unable to get local issuer certificate

前端 未结 19 1319
天涯浪人
天涯浪人 2020-11-22 10:51

I use WAMP on a local development environment and am trying to charge a credit card but get the error message:

cURL error 60: SSL certificate problem:

相关标签:
19条回答
  • 2020-11-22 11:24

    Guzzle, which is used by cartalyst/stripe, will do the following to find a proper certificate archive to check a server certificate against:

    1. Check if openssl.cafile is set in your php.ini file.
    2. Check if curl.cainfo is set in your php.ini file.
    3. Check if /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
    4. Check if /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
    5. Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
    6. Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
    7. Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
    8. Check if C:\windows\curl-ca-bundle.crt exists (Windows)

    You will want to make sure that the values for the first two settings are properly defined by doing a simple test:

    echo "openssl.cafile: ", ini_get('openssl.cafile'), "\n";
    echo "curl.cainfo: ", ini_get('curl.cainfo'), "\n";
    

    Alternatively, try to write the file into the locations indicated by #7 or #8.

    0 讨论(0)
  • 2020-11-22 11:25

    Attention Wamp/Wordpress/windows users. I had this issue for hours and not even the correct answer was doing it for me, because i was editing the wrong php.ini file because the question was answered to XAMPP and not for WAMP users, even though the question was for WAMP.

    here's what i did

    Download the certificate bundle.

    Put it inside of C:\wamp64\bin\php\your php version\extras\ssl

    Make sure the file mod_ssl.so is inside of C:\wamp64\bin\apache\apache(version)\modules

    Enable mod_ssl in httpd.conf inside of Apache directory C:\wamp64\bin\apache\apache2.4.27\conf

    Enable php_openssl.dll in php.ini. Be aware my problem was that I had two php.ini files and I need to do this in both of them. First one can be located inside of your WAMP taskbar icon here.

    and the other one is located in C:\wamp64\bin\php\php(Version)

    find the location for both of the php.ini files and find the line curl.cainfo = and give it a path like this

    curl.cainfo = "C:\wamp64\bin\php\php(Version)\extras\ssl\cacert.pem"

    Now save the files and restart your server and you should be good to go

    0 讨论(0)
  • 2020-11-22 11:26

    I had this problem appear out-of-the-blue one day, when a Guzzle(5) script was attempting to connect to a host over SSL. Sure, I could disable the VERIFY option in Guzzle/Curl, but that's clearly not the correct way to go.

    I tried everything listed here and in similar threads, then eventually went to terminal with openssl to test against the domain with which I was trying to connect:

    openssl s_client -connect example.com:443 
    

    ... and received first few lines indicating:

    CONNECTED(00000003)
    depth=0 CN = example.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = example.com
    verify error:num=21:unable to verify the first certificate
    verify return:1 
    

    ... while everything worked fine when trying other destinations (ie: google.com, etc)

    This prompted me to contact the domain I had been trying to connect to, and indeed, they had a problem on THEIR END that had crept up. It was resolved and my script went back to working.

    So... if you're pulling your hair out, give openssl a shot and see if there's anything up with the response from the location you are attempting to connect. Maybe the issue isn't so 'local' after all sometimes.

    0 讨论(0)
  • 2020-11-22 11:27

    Have you tried..

    curl_setopt($process, CURLOPT_SSL_VERIFYPEER, false);
    

    If you are consuming a trusted source you can skip the verify.

    0 讨论(0)
  • 2020-11-22 11:27

    For WAMP, this is what finally worked for me.
    While it is similar to others, the solutions mentioned on this page, and other locations on the web did not work. Some "minor" detail differed.
    Either the location to save the PEM file mattered, but was not specified clearly enough.
    Or WHICH php.ini file to be edited was incorrect. Or both.
    I'm running a 2020 installation of WAMP 3.2.0 on a Windows 10 machine.

    Link to get the pem file:

    http://curl.haxx.se/ca/cacert.pem
    Copy the entire page and save it as: cacert.pem, in the location mentioned below.

    Save the PEM file in this location

    <wamp install directory>\bin\php\php<version>\extras\ssl
    eg saved file and path: "T:\wamp64\bin\php\php7.3.12\extras\ssl\cacert.pem"

    *(I had originally saved it elsewhere (and indicated the saved location in the php.ini file, but that did not work). There might, or might not be, other locations also work. This was the recommended location - I do not know why.)

    WHERE
    <wamp install directory> = path to your WAMP installation.
    eg: T:\wamp64\

    <php version> of php that WAMP is running: (to find out, goto: WAMP icon tray -> PHP <version number>
    if the version number shown is 7.3.12, then the directory would be: php7.3.12)
    eg: php7.3.12

    Which php.ini file to edit

    To open the proper php.ini file for editing, goto: WAMP icon tray -> PHP -> php.ini.
    eg: T:\wamp64\bin\apache\apache2.4.41\bin\php.ini
    NOTE: it is NOT the file in the php directory!

    Update:
    While it looked like I was editing the file: T:\wamp64\bin\apache\apache2.4.41\bin\php.ini,
    it was actually editing that file's symlink target: T:/wamp64/bin/php/php7.3.12/phpForApache.ini.

    Note that if you follow the above directions, you are NOT editing a php.ini file directly. You are actually editing a phpForApache.ini file. (a post with info about symlinks)

    If you read the comments at the top of some of the php.ini files in various WAMP directories, it specifically states to NOT EDIT that particular file.
    Make sure that the file you do open for editing does not include this warning.

    Installing the extension Link Shell Extension allowed me to see the target of the symlink in the file Properites window, via an added tab. here is an SO answer of mine with more info about this extension.

    If you run various versions of php at various times, you may need to save the PEM file in each relevant php directory.

    The edits to make in your php.ini file:

    Paste the path to your PEM file in the following locations.

    • uncomment ;curl.cainfo = and paste in the path to your PEM file.
      eg: curl.cainfo = "T:\wamp64\bin\php\php7.3.12\extras\ssl\cacert.pem"

    • uncomment ;openssl.cafile= and paste in the path to your PEM file.
      eg: openssl.cafile="T:\wamp64\bin\php\php7.3.12\extras\ssl\cacert.pem"

    Credits:

    While not an official resource, here is a link back to the YouTube video that got the last of the details straightened out for me: https://www.youtube.com/watch?v=Fn1V4yQNgLs.

    0 讨论(0)
  • 2020-11-22 11:30

    All of the answers are correct ; but the most important thing is You have to find the right php.ini file. check this command in cmd " php --ini " is not the right answer for finding the right php.ini file.

    if you edit

    curl.cainfo ="PATH/cacert.pem"
    

    and check

    var_dump(openssl_get_cert_locations()); 
    

    then curl.cainfo should have a value. if not then that's not right php.ini file;

    *I recommend you to search *.ini in wamp/bin or xxamp/bin or any server you use and change them one by one and check it. *

    0 讨论(0)
提交回复
热议问题