Resolving error "SSL certificate problem: self signed certificate in certificate chain"

  sonic0002        2016-06-26 07:17:23       29,559        1    

In a PHP application, cURL is frequently used to make connection to remote server to request some resource. It can be used to transfer data with different protocols such as HTTP, HTTPS, FTP etc.

While using cURL in PHP, someone may get an error with message similar to "SSL certificate problem: self signed certificate in certificate chain".

This may happen when cURL tries to make a SSL connection server and the server returns a server certificate which is self-signed and it's not trusted by the client(in the client CA store). In this case, you may need to follow below steps to resolve this issue.

  1. Download the CA certs from http://curl.haxx.se/ca/cacert.pem.
  2. Download the CA certificate of the server which sends the certificate chain containing the self-signed certificate. For example, if you are building a Twilio application, you can download the certificate file from https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
  3. Open the certificate file downloaded in step 2 and copy the contents(Usually BASE64 encoded certificate) to the one downloaded in step 1. And save the certificate file.
  4. Open php.ini, go to the section [curl] and update it like
    [curl]
    ; A default value for the CURLOPT_CAINFO option. This is required to be an
    ; absolute path.
    curl.cainfo = c:/wamp/cacert/cacert.pem
  5. Save it and restart your server.

One last remind, the curl.cainfo should point to an absolute path.

PHP  SSL  CURL  TWILIO 

       

  RELATED


  1 COMMENT


Anonymous [Reply]@ 2017-06-23 07:33:35

This article is total crap



  RANDOM FUN

What an embarrassment