Problem:
While running some unit tests on a managed project, I ran across an issue from the Guzzle library.
cURL error 60: SSL certificate problem: unable to get local issuer certificate
Solution:
The latest version of cURL does not ship with a bundle of root certificates. This is due to security concerns in the past. Instead, they have you provide the root certificates that should be valid as certificate authorities. Most of us are really only concerned with the main ones likes Equifax, GlobalSign, and Verisign.
There are several ways to solve this problem, but what I decided to do was allow PHP on my system to always reference the same PEM file instead of other methods (like telling cURL not validate the peer certificate - please note this is a bad idea!).
In order to solve this problem, we need to obtain a version of this cacert.pem file that has not been corrupted. I found mine from the cURL web site which links to Mozilla.orgs CAs.
Once I had downloaded the pem file, I placed it in a common development directory on my Windows machine.
Last, we just need to tell PHP where to look for this file. Open your php.ini file and set the following property*:
openssl.cafile="C:\dev\cacert.pem"
Hope this solves some head scratching.
*This may change if you use something other than OpenSSL.
No comments:
Post a Comment