90

Whilst trying to setup a php environment on windows (using wamp) to use the Amazon PHP SDK, when i try to run a sample test I get the following error:

Fatal error: Uncaught exception 'cURL_Exception' with message 'cURL resource: Resource id #10; cURL error: SSL certificate problem: unable to get local issuer certificate (cURL error code 60). See http://curl.haxx.se/libcurl/c/libcurl-errors.html for an explanation of error codes.' in C:\wamp\www\AWSSDKforPHP\lib\requestcore\requestcore.class.php on line 848

I have already added the following line to my php.ini

curl.cainfo = C:\Windows\ca-bundle.crt

which is the location of a certificate i created using this VBS script VBS-Script

I have restarted my WAMP service also.

PHP index curl reference

Improve this question
4
  • 6
    In case you don't care about the certification process, you may disable it altogether curl_setopt($rest, CURLOPT_SSL_VERIFYPEER, false); Commented Feb 9, 2015 at 18:29
  • This solved the problem for me - stackoverflow.com/a/32095378/178163 Basically there may be 2 php.ini files Commented Nov 28, 2016 at 20:31
  • 3
    For those bumping into this issue for the first time, like I did, the reason behind this, as far as I understand (correct me if I am wrong), is that unlike the situation of an HTTPS connection via a browser, a CURL request does not get the certificate from the server. So, we need to manually download the certificate of the site and add it to the PHP ini. This verification of certificate at the client's end is a part of the HTTPS connection process, and it seems, it can be bypassed. This is where the curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,false); comes into picture. Commented Feb 9, 2017 at 10:08
  • worked as a charm!!!! thanks! Commented Jul 22, 2017 at 16:14

13 Answers 13

Reset to default
236

Use this certificate root certificate bundle:

https://curl.haxx.se/ca/cacert.pem

Copy this certificate bundle on your disk. And use this on php.ini

curl.cainfo = "path_to_cert\cacert.pem"
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

And in case this does not solve the problem? I set curl_setopt($ch, CURLOPT_CAINFO, ini_get('curl.cainfo')); and in the php.ini [cURL] curl.cainfo = C:\dev\xampp\php\cacert.pem. The file is there, but I'm still getting the error 60. There's something I'm missing?
@Overflowh there are two types of php.ini: One for php-cli second for php-web(apache, nginx, ...). You need to set curl.cainfo = "path_to_cert\cacert.pem" for web one. On the other hand, If you can see curl.cainfo is true in your php info view, that time there might be permission issue.
Well, actually I can't see curl.cainfo in my php info. Does this mean that I put the value in the wrong file?
Yes, please double check your php.ini file location. You need to put that in web version
I have added in apache php.ini, but this didn't worked
|
33

i fixed this by modifying php.ini file at C:\wamp\bin\apache\apache2.4.9\bin\ 

curl.cainfo = "C:/wamp/bin/php/php5.5.12/cacert.pem"

first i was trying by modifying php.ini file at C:\wamp\bin\php\php5.5.12\ and it didn't work.

hope this helps someone who is searching for the right php.ini to modify

Improve this answer

2 Comments

Thanks. All it took was downloading the file from curl.haxx.se/ca/cacert.pem, and setting the path to it in the apache php.ini file like you said. Please be aware people, you can put the cacert anywhere you want, just make sure you put the path in correctly. Also, make sure you remove the semicolon!
Don't forget to reload apache after this.
18 
php --ini

This will tell you exactly which php.ini file is being loaded, so you know which one to modify. I wasted a lot of time changing the wrong php.ini file because I had WAMP and XAMPP installed.

Also, don't forget to restart the WAMP server (or whatever you use) after changing php.ini.

Improve this answer

1 Comment

life saver! 3 damn days troubleshooting and this turns out to be the issue
13

@Overflowh I tried the above answer also with no luck. I changed php version from 5.3.24 to 5.5.8 as this setting will only work in php 5.3.7 and above. I then found this http://flwebsites.biz/posts/how-fix-curl-error-60-ssl-issue I downloaded the cacert.pem from there and replaced the one I had download/made from curl.hxxx.se linked above and it all started working. I was trying to get paypal sandbox IPN to verify. Happy to say after the .pem swap all is ok using curl.cainfo setting in php.ini which still was not in 5.3.24.

Improve this answer

6 Comments

I was facing same issue and fixed by just downloading .pem file form above mentioned. Thanks
Haha I can't believe this! I own FLWebsites.biz and I ran into this post completely unaware that I was mentioned... I wrote that blog!
I've been trying to figure out the issue, and after 3-4 hours I finally stumbled on this answer. I said oh well, why not try another pem file again. And surprise: it finally worked. Thanks for finding that blog :)
This solved my cacert.pem problem under Windows 10, IIS. Thanks.
Sorry, I took my site down. Go directly to the source: curl.haxx.se/docs/caextract.html
|
8

@Hüseyin BABAL

I am getting error with above certificate but i try this certificate and its working.

https://gist.github.com/VersatilityWerks/5719158/download

Improve this answer

1 Comment

WOW. This is crazy. I was looking for a way to set the cacert.pem globally and ran into this. I AM VersatilityWerks haha. You used my gist.
5

The easiest solution to the problem is to add the below command in the field.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,false);

Using this will not need to add any certificate or anything.

Improve this answer

Comments

5

First, we need download this certificate root certificate bundle:

https://curl.haxx.se/ca/cacert.pem

Move this file to somewhere such as to PHP folder in Wamp/Xampp folder.

Then edit your "php.ini" :

curl.cainfo ="C:/path/to/your/cacert.pem"

and

openssl.cafile="C:/path/to/your/cacert.pem"

IMPORTANT:

Be sure that you open the "php.ini" file directly by your Window Explorer. (in my case: “C:\DevPrograms\wamp64\bin\php\php5.6.25\php.ini”).

Don't use the shortcut to "php.ini" in the Wamp/Xampp icon's menu in the System Tray. This shortcut didn't work in some cases I faced.

After saving "php.ini" you don't need to "Restart All Services" in Wamp icon or close/re-open CMD.

Try with " var_dump(openssl_get_cert_locations()); " and look at line : ["ini_cafile"]=> string(40) "C:/path/to/your/cacert.pem"

Done.

Improve this answer

1 Comment

Your note about opening the php.ini file through explorer actually worked! And I finally figured out that the php.ini from wamp icon has got a different path. Thank you!!!
3

Problem fixed, download https://curl.haxx.se/ca/cacert.pem and put it "somewhere", and add this line in php.ini :

curl.cainfo = "C:/somewhere/cacert.pem"

PS: I got this error by trying to install module on drupal with xampp.

Improve this answer

Comments

2

Add the below to php.ini [ use '/' instead of '\' in the path] curl.cainfo= "path/cacert.pem"

Restarted my XAMPP. It worked fine for me. Thanks

Improve this answer

Comments

2

if cacert.pem from above links doesn't working try this one worked for me

https://gist.github.com/VersatilityWerks/5719158/download

Improve this answer

Comments

1

First you have to download the certificate from this link

https://curl.haxx.se/ca/cacert.pem

and put it in a location you want the name of downloadable file is : cacert.pem So in my case I will put it under C:\wamp64\bin\php\cacert.pem

Then you have to specify the location of the php.ini file

For example, I am using php 7 the php.ini file is located at : C:\wamp64\bin\php\php7.0.10\php.ini

So access to that file and uncommit this line ;openssl.cafile

also update it to be looks like this openssl.cafile="C:\wamp64\bin\php\cacert.pem"

Finally restart your apache server and that's all

Improve this answer

Comments

1

IMPORTANT: after 4 hours , working with laravel 5.7 and php 7.+ and run/use php artisan serve on localhost trying to connect to mailgun.

IMPORTANT to resolve the problem do not work with IP http://127.0.0.1:8000 use localhost or set domain name by host file.

ok ,

Improve this answer

Comments

0

The solution is to edit the file php.ini located in your php version(for me it's php7.0.10) not the php.ini of apache. You will find a commented file like this ;curl.cainfo Just change this line like this curl.cainfo = "C:\permCertificate\cacert.pem"

Don't forget to create the "permCertificate" directory and copy the "cacert.pem" file inside it.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.