Related
I'm running PHP Version 5.6.3 as part of XAMPP on Windows 7.
When I try to use the Mandrill API, I'm getting the following error:
Uncaught exception 'Mandrill_HttpError' with message 'API call to messages/send-template failed: SSL certificate problem: unable to get local issuer certificate'
I already tried everything I read on StackOverflow, including adding the following to the php.ini file:
curl.cainfo = "C:\xampp\php\cacert.pem"
And ofcourse downloaded to that location the cacert.pem file from http://curl.haxx.se/docs/caextract.html
but after all that, restarted XAMPP and Apache server but still getting the same error.
I really don't know what else to try.
Can anyone advise on what else can I try?
Finally got this to work!
Download the certificate bundle.
Put it somewhere. In my case, that was c:\wamp\ directory (if you are using Wamp 64 bit then it's c:\wamp64\).
Enable mod_ssl in Apache and php_openssl.dll in php.ini (uncomment them by removing ; at the beginning). But be careful, my problem was that I had two php.ini files and I need to do this in both of them. One is the one you get from your WAMP taskbar icon, and another one is, in my case, in C:\wamp\bin\php\php5.5.12\
Add these lines to your cert in both php.ini files:
curl.cainfo="C:/wamp/cacert.pem"
openssl.cafile="C:/wamp/cacert.pem"
Restart Wamp services.
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I had the same problem in Mandrill.php file after line number 65 where it says $this->ch = curl_init();
Add following two lines:
curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0);
This solved my problem and also sent email using localhost but I suggest to NOT use it on live version live. On your live server the code should work without this code.
Thanks #Mladen Janjetovic,
Your suggestion worked for me in mac with ampps installed.
Copied: http://curl.haxx.se/ca/cacert.pem
To: /Applications/AMPPS/extra/etc/openssl/certs/cacert.pem
And updated php.ini with that path and restarted Apache:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
openssl.cafile="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
And applied same setting in windows AMPPS installation and it worked perfectly in it too.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="C:/Ampps/php/extras/ssl/cacert.pem"
openssl.cafile="C:/Ampps/php/extras/ssl/cacert.pem"
:
Same for wamp.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="C:/wamp/bin/php/php5.6.16/extras/ssl/cacert.pem"
openssl.cafile="C:/wamp/bin/php/php5.6.16/extras/ssl/cacert.pem"
If you are looking for generating new SSL certificate using SAN for localhost, steps on this post worked for me on Centos 7 / Vagrant / Chrome Browser.
When you view the http://curl.haxx.se/docs/caextract.html page, you will notice in big letters a section called:
RSA-1024 removed
Read it, then download the version of the certificates that includes the 'RSA-1024' certificates.
https://github.com/bagder/ca-bundle/blob/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt
Those will work with Mandrill.
Disabling SSL is a bad idea.
The above steps, though helpful, didnt work for me on Windows 8. I don't know the co-relation, but the below steps worked. Basically a change in the cacert.pem file. Hope this helps someone.
Download cacert.pem file from here:
http://curl.haxx.se/docs/caextract.html
Save the file in your PHP installation folder. (eg: If using xampp – save it in c:\Installation_Dir\xampp\php\cacert.pem).
Open your php.ini file and add these lines:
curl.cainfo=”C:\Installation_Dir\xampp\php\cacert.pem”
openssl.cafile=”C:\Installation_Dir\xampp\php\cacert.pem”
Restart your Apache server and that should fix it (Simply stop and start the
services as needed).
Note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I found new Solution without any required certification to call curl only add two line code.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
If you don't have access to php.ini, adding this code (after your $ch = curl_init(); line) works for me:
$certificate_location = "C:\Program Files (x86)\EasyPHP-Devserver-16.1\ca-bundle.crt"; // modify this line accordingly (may need to be absolute)
curl_setopt($ch, CURLOPT_CAINFO, $certificate_location);
curl_setopt($ch, CURLOPT_CAPATH, $certificate_location);
Then, you will just need to download ca-bundle.crt and save it to location you specified in $certificate_location.
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I tried this it works
open
vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
and change this
$conf[CURLOPT_SSL_VERIFYHOST] = 2;
$conf[CURLOPT_SSL_VERIFYPEER] = true;
to this
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = FALSE;
Note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
elaborating on the above answers for server deployment.
$hostname = gethostname();
if($hostname=="mydevpc")
{
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
}
should do the trick for development environment without compromising the server when deployed.
I was facing a problem like this in my local system but not in the live server. I also mentioned another solution on this page its before, but that was not working in localhost.so find a new solution of this, that is working in the localhost-WAMP Server.
cURL Error #:SSL certificate problem: unable to get local issuer
certificate
sometimes system could not find your cacert.pem in your drive. so you can define this in your code where you are going to use CURL
Note that i am fulfilling all conditions for this like OPEN-SSL library active and other things.
check this code of CURL.
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL =>$url,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_RETURNTRANSFER=> true,
));
curl_setopt($curl, CURLOPT_CAINFO, "f:/wamp/bin/cacert.pem"); // <------
curl_setopt($curl, CURLOPT_CAPATH, "f:/wamp/bin/cacert.pem"); // <------
$response = json_decode(curl_exec($curl),true);
$err = curl_error($curl);
curl_close($curl);
but this solution may not work in live server. because of absolute path of cacert.pem
On Amazon Linux (CentOS / Red Hat etc) I did the following to fix this issue. First copy the cacert.pem downloaded from http://curl.haxx.se/ca/cacert.pem and put it in the /etc/pki/ca-trust/source/anchors/ directory. Then run the update-ca-trust command.
Here is a one liner taken from https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat
curl https://curl.se/ca/cacert.pem -o /etc/pki/ca-trust/source/anchors/curl-cacert-updated.pem && update-ca-trust
However since curl was broken I actually used this command to download the cacert.pem file.
wget --no-check-certificate http://curl.haxx.se/ca/cacert.pem
After running the update-ca-trust command you can restart the web server service httpd restart for apache or service nginx restart for nginx.
I have Very Simple Solution of this problem. You can do this without any certificate file.
Note that this solution is valid for local system not client server and Production server.
Go on Laravel Root Folder -> Vender -> guzzlehttp -> guzzle -> src
open Client.php
find $defaults Array . that look like this way ..
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => true,
'cookies' => false
];
Now main Job is to change value of verify key ..
'verify' => false,
So After this it will not check SSL Certificate for CURL Request... This Solution is work for me. I find this solution after many research ...
I had the same issue during building my app in AppVeyor.
Download https://curl.haxx.se/ca/cacert.pem to c:\php
Enable openssl echo extension=php_openssl.dll >> c:\php\php.ini
Locate certificateecho curl.cainfo=c:\php\cacert.pem >> c:\php\php.ini
I have a proper solution of this problem, lets try and understand the root cause of this issue. This issue comes when remote servers ssl cannot be verified using root certificates in your system's certificate store or remote ssl is not installed along with chain certificates. If you have a linux system with root ssh access, then in this case you can try updating your certificate store with below command:
update-ca-certificates
If still, it doesn't work then you need to add root and interim certificate of remote server in your cert store. You can download root and intermediate certs and add them in /usr/local/share/ca-certificates directory and then run command update-ca-certificates. This should do the trick. Similarly for windows you can search how to add root and intermediate cert.
The other way you can solve this problem is by asking remote server team to add ssl certificate as a bundle of domain root cert, intermediate cert and root cert.
Another reason this error can occur is if a CA bundle has been removed from your system (and is no longer available in ca-certificates).
This is currently the situation with the GeoTrust Global CA which (among other things) is used to sign Apple's certificate for APNS used for Push Notifications.
Additional details can be found on the bug report here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596
You can manually add the GeoTrust Global CA certificate on your machine as suggested by Carlos Alberto Lopez Perez:
wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem \
&& mkdir /usr/local/share/ca-certificates/extra \
&& mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt \
&& update-ca-certificates
If none of the solutions above are working for you try updating your XAMPP installation to a newer version.
I was running XAMPP with php 5.5.11, the same exact code didn't work, I upgraded to XAMPP with php 5.6.28 and the solutions above worked.
Additionally only updating PHP didn't work either seems like a combination of apache and php settings on that version of XAMPP.
Hope it helps someone.
I got the error like :
failed loading cafile stream: `C:\xamppPhp\apache\bin\curl-ca-bundle.crt`
I am using windows machine. So I followed the below steps.
1. I have downloaded .pem file from " https://curl.haxx.se/docs/caextract.html "
2. Then I kept the downloaded file inside "C:/xamppPhp/apache/bin/" folder and renamed the same downloaded file to "curl-ca-bundle.crt".
3. I restarted XAMPP and cleared the cache.
4. It's done.
Hope it may help someone
simply put two more line on local to solve the issue and this worked for me fine.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
for guzzle you can try this :
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
tested on guzzle/guzzle 3.*
I'm running PHP Version 5.6.3 as part of XAMPP on Windows 7.
When I try to use the Mandrill API, I'm getting the following error:
Uncaught exception 'Mandrill_HttpError' with message 'API call to messages/send-template failed: SSL certificate problem: unable to get local issuer certificate'
I already tried everything I read on StackOverflow, including adding the following to the php.ini file:
curl.cainfo = "C:\xampp\php\cacert.pem"
And ofcourse downloaded to that location the cacert.pem file from http://curl.haxx.se/docs/caextract.html
but after all that, restarted XAMPP and Apache server but still getting the same error.
I really don't know what else to try.
Can anyone advise on what else can I try?
Finally got this to work!
Download the certificate bundle.
Put it somewhere. In my case, that was c:\wamp\ directory (if you are using Wamp 64 bit then it's c:\wamp64\).
Enable mod_ssl in Apache and php_openssl.dll in php.ini (uncomment them by removing ; at the beginning). But be careful, my problem was that I had two php.ini files and I need to do this in both of them. One is the one you get from your WAMP taskbar icon, and another one is, in my case, in C:\wamp\bin\php\php5.5.12\
Add these lines to your cert in both php.ini files:
curl.cainfo="C:/wamp/cacert.pem"
openssl.cafile="C:/wamp/cacert.pem"
Restart Wamp services.
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I had the same problem in Mandrill.php file after line number 65 where it says $this->ch = curl_init();
Add following two lines:
curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0);
This solved my problem and also sent email using localhost but I suggest to NOT use it on live version live. On your live server the code should work without this code.
Thanks #Mladen Janjetovic,
Your suggestion worked for me in mac with ampps installed.
Copied: http://curl.haxx.se/ca/cacert.pem
To: /Applications/AMPPS/extra/etc/openssl/certs/cacert.pem
And updated php.ini with that path and restarted Apache:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
openssl.cafile="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
And applied same setting in windows AMPPS installation and it worked perfectly in it too.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="C:/Ampps/php/extras/ssl/cacert.pem"
openssl.cafile="C:/Ampps/php/extras/ssl/cacert.pem"
:
Same for wamp.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="C:/wamp/bin/php/php5.6.16/extras/ssl/cacert.pem"
openssl.cafile="C:/wamp/bin/php/php5.6.16/extras/ssl/cacert.pem"
If you are looking for generating new SSL certificate using SAN for localhost, steps on this post worked for me on Centos 7 / Vagrant / Chrome Browser.
When you view the http://curl.haxx.se/docs/caextract.html page, you will notice in big letters a section called:
RSA-1024 removed
Read it, then download the version of the certificates that includes the 'RSA-1024' certificates.
https://github.com/bagder/ca-bundle/blob/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt
Those will work with Mandrill.
Disabling SSL is a bad idea.
The above steps, though helpful, didnt work for me on Windows 8. I don't know the co-relation, but the below steps worked. Basically a change in the cacert.pem file. Hope this helps someone.
Download cacert.pem file from here:
http://curl.haxx.se/docs/caextract.html
Save the file in your PHP installation folder. (eg: If using xampp – save it in c:\Installation_Dir\xampp\php\cacert.pem).
Open your php.ini file and add these lines:
curl.cainfo=”C:\Installation_Dir\xampp\php\cacert.pem”
openssl.cafile=”C:\Installation_Dir\xampp\php\cacert.pem”
Restart your Apache server and that should fix it (Simply stop and start the
services as needed).
Note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I found new Solution without any required certification to call curl only add two line code.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
If you don't have access to php.ini, adding this code (after your $ch = curl_init(); line) works for me:
$certificate_location = "C:\Program Files (x86)\EasyPHP-Devserver-16.1\ca-bundle.crt"; // modify this line accordingly (may need to be absolute)
curl_setopt($ch, CURLOPT_CAINFO, $certificate_location);
curl_setopt($ch, CURLOPT_CAPATH, $certificate_location);
Then, you will just need to download ca-bundle.crt and save it to location you specified in $certificate_location.
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I tried this it works
open
vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
and change this
$conf[CURLOPT_SSL_VERIFYHOST] = 2;
$conf[CURLOPT_SSL_VERIFYPEER] = true;
to this
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = FALSE;
Note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
elaborating on the above answers for server deployment.
$hostname = gethostname();
if($hostname=="mydevpc")
{
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
}
should do the trick for development environment without compromising the server when deployed.
I was facing a problem like this in my local system but not in the live server. I also mentioned another solution on this page its before, but that was not working in localhost.so find a new solution of this, that is working in the localhost-WAMP Server.
cURL Error #:SSL certificate problem: unable to get local issuer
certificate
sometimes system could not find your cacert.pem in your drive. so you can define this in your code where you are going to use CURL
Note that i am fulfilling all conditions for this like OPEN-SSL library active and other things.
check this code of CURL.
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL =>$url,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_RETURNTRANSFER=> true,
));
curl_setopt($curl, CURLOPT_CAINFO, "f:/wamp/bin/cacert.pem"); // <------
curl_setopt($curl, CURLOPT_CAPATH, "f:/wamp/bin/cacert.pem"); // <------
$response = json_decode(curl_exec($curl),true);
$err = curl_error($curl);
curl_close($curl);
but this solution may not work in live server. because of absolute path of cacert.pem
On Amazon Linux (CentOS / Red Hat etc) I did the following to fix this issue. First copy the cacert.pem downloaded from http://curl.haxx.se/ca/cacert.pem and put it in the /etc/pki/ca-trust/source/anchors/ directory. Then run the update-ca-trust command.
Here is a one liner taken from https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat
curl https://curl.se/ca/cacert.pem -o /etc/pki/ca-trust/source/anchors/curl-cacert-updated.pem && update-ca-trust
However since curl was broken I actually used this command to download the cacert.pem file.
wget --no-check-certificate http://curl.haxx.se/ca/cacert.pem
After running the update-ca-trust command you can restart the web server service httpd restart for apache or service nginx restart for nginx.
I have Very Simple Solution of this problem. You can do this without any certificate file.
Note that this solution is valid for local system not client server and Production server.
Go on Laravel Root Folder -> Vender -> guzzlehttp -> guzzle -> src
open Client.php
find $defaults Array . that look like this way ..
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => true,
'cookies' => false
];
Now main Job is to change value of verify key ..
'verify' => false,
So After this it will not check SSL Certificate for CURL Request... This Solution is work for me. I find this solution after many research ...
I had the same issue during building my app in AppVeyor.
Download https://curl.haxx.se/ca/cacert.pem to c:\php
Enable openssl echo extension=php_openssl.dll >> c:\php\php.ini
Locate certificateecho curl.cainfo=c:\php\cacert.pem >> c:\php\php.ini
I have a proper solution of this problem, lets try and understand the root cause of this issue. This issue comes when remote servers ssl cannot be verified using root certificates in your system's certificate store or remote ssl is not installed along with chain certificates. If you have a linux system with root ssh access, then in this case you can try updating your certificate store with below command:
update-ca-certificates
If still, it doesn't work then you need to add root and interim certificate of remote server in your cert store. You can download root and intermediate certs and add them in /usr/local/share/ca-certificates directory and then run command update-ca-certificates. This should do the trick. Similarly for windows you can search how to add root and intermediate cert.
The other way you can solve this problem is by asking remote server team to add ssl certificate as a bundle of domain root cert, intermediate cert and root cert.
Another reason this error can occur is if a CA bundle has been removed from your system (and is no longer available in ca-certificates).
This is currently the situation with the GeoTrust Global CA which (among other things) is used to sign Apple's certificate for APNS used for Push Notifications.
Additional details can be found on the bug report here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596
You can manually add the GeoTrust Global CA certificate on your machine as suggested by Carlos Alberto Lopez Perez:
wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem \
&& mkdir /usr/local/share/ca-certificates/extra \
&& mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt \
&& update-ca-certificates
If none of the solutions above are working for you try updating your XAMPP installation to a newer version.
I was running XAMPP with php 5.5.11, the same exact code didn't work, I upgraded to XAMPP with php 5.6.28 and the solutions above worked.
Additionally only updating PHP didn't work either seems like a combination of apache and php settings on that version of XAMPP.
Hope it helps someone.
I got the error like :
failed loading cafile stream: `C:\xamppPhp\apache\bin\curl-ca-bundle.crt`
I am using windows machine. So I followed the below steps.
1. I have downloaded .pem file from " https://curl.haxx.se/docs/caextract.html "
2. Then I kept the downloaded file inside "C:/xamppPhp/apache/bin/" folder and renamed the same downloaded file to "curl-ca-bundle.crt".
3. I restarted XAMPP and cleared the cache.
4. It's done.
Hope it may help someone
simply put two more line on local to solve the issue and this worked for me fine.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
for guzzle you can try this :
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
tested on guzzle/guzzle 3.*
I'm getting this error:
SSL problem: can't identify local issuer
once I call the function to save an image or retrieve user's Facebook image:
file_get_contents()
What I've done is:
I have my website running on Azure *.azurewebsites.com
I added my custom domain and ssl certificate which were both bought from GoDaddy
I created Certificate Signing Request (CSR) (which GoDaddy asked for) using OpenSSL on my Mac
Signed it with it and downloaded it to get .p7b file and .crt file
I added the .crt file to Azure and everything works fine, my custom domain now has the lock beside it
So after those steps, logging in with Facebook got that error also so I did a temporary fix:
curl_setopt($rest, CURLOPT_SSL_VERIFYPEER, false);
This is not recommended of course, but it allows me to test the rest of the site. The error still occurred but only when invoking file_get_contents(). I've tried these fixes from what I've seen scouring around:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/cacert/cacert.pem");
But no dice. Can someone explain exactly what the error means and also to combat it? That'd be great. And also, this might be due to creating my Certificate Signing Request with OpenSSL... not sure. Please confirm.
curl_setopt flags works only with handler you're passing to those calls. file_get_contents has no idea about any of CURLOPT_SSL_VERIFYPEER or CURLOPT_SSL_VERIFYHOST flags.
Change file_get_contents to curl calls.
Ok i have been struggling with this for a couple of days now.
I have a Joomla installation on a local machine on our network for our intranet, also installed is Jomsocial.
The problem is that when i go to site configuration or edit an event or navigate to any joomla module that calls an external api, i get either
CURL error : 7 Failed to connect to maps.google.com port 80: Connection timed out
or
Connection timed out (110)
The issue is definetely not Joomla or Jomsocial a i have other php applications running on the same server that also cant contact external api's
The server setup is
Ubuntu 14Lts
PHP 5.5
Apache 2.4.7
MariaDB
Server sits behind a proxy, but has full internet access from CLI. all the necessary php extensions is enabled. i have set the global proxy variable in /etc/environment also in apt config and set the proxy variable in Joomla. My Joomla updates and components updates work fine but not curl of fsockopen functions are working.
I have no idea where else to look for the error. My thinking is that the www-data user might not have sufficient privileges to execute fsockopen and curl from a browser.
Any advice?
UPDATE, i have tested the site on another machine which is not on the corporate network (directly connected to the internet) and everything works. So i am pretty certain that my issue is on my machine and permissions on the network, specifically my www-data user. How can i fix this?
It appears that the http_proxy variable is not used by PHP (mod_php) even if PassEnv is used to pass it, or if it directly set with SetEnv. In addition, it is displayed correctly when getenv('http_proxy') is called in a PHP script.
However, there are two ways to get it working:
Set it in the Apache envvars (/etc/apache2/envvars) as follows:
export http_proxy=http://proxy.example.com:8080/
and restart Apache.
Put in the PHP files that load the application (e.g. index.php, bootstrap.php and etc.):
putenv('http_proxy=http://proxy.example.com:8080/');
Again, if you test with getenv('http_proxy') you will see that they are set correctly.
I've just had the same problem with a pretty close setup (only difference is mysql instead of MariaDb, and Joomla 3.4.1) and it took me quite a while to get everything together, so I will put the list of possible stumbling blocks here:
Make sure php5-curl is installed. Joomla can use a proxy only with CURL as transport layer.
sudo apt-get install php5-curl
I found no use in entering the proxy in the Joomla configuration. The only good it did was that the update connection would not time out but return immediately.
It is not enough to place the environment variables in /etc/apache2/envvars, you also need to use "PassEnv" in /etc/apache2/apache2.conf,
i.e. (taken from https://stackoverflow.com/a/21571588/1967646)
PassEnv http_proxy
Also, I needed to pass both HTTP_PROXY, HTTPS_PROXY as xml-lists were fetched via http and files lateron via https (probably update files from github). Possibly, you need to have these variables in lower case but on the joomla configuration page "PHP information" similarly named variables show up in upper case.
I don't know where this really made any difference, but restarting apache2 as follows seems to be the right way (instead of apache2ctl).
sudo service apache2 restart
I put together some haphazard code for testing whether curl and php would work together or not, most of it comes from https://stackoverflow.com/a/1477710/1967646. I only added plenty of error reporting. Put in a file test.php in the webfolder's root dir and look at with your favorite browser.
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL);
$url = 'http://update.joomla.org/core/list.xml';
function get_page($url, $proxy=true) {
if ($url!='') {
$ch = curl_init ();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
if ($proxy) {
curl_setopt($ch, CURLOPT_PROXY, '<enter your proxy host here>');
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
curl_setopt($ch, CURLOPT_PROXYPORT, <enter your proxy port here>);
}
if (! $html = curl_exec($ch)) {
echo '<br>Last CURL error is '.curl_error($ch).'<br>';
} else {
echo '<br>CURL without error.<br>';
}
curl_close($ch);
return $html;
} else {
echo 'Empty URL.';
}
}
echo 'Hello, getting pages via curl:';
$html=get_page($url);
var_dump($html);
echo bin2hex($html);
echo '<br>';
var_dump(get_page($url, false));
echo '<br>done.<br>';
?>
Use this:
export http_proxy=http://your.proxy.server:port/
or this:
From man curl:
-x, --proxy <[protocol://][user:password#]proxyhost[:port]>
Use the specified HTTP proxy.
If the port number is not specified, it is assumed at port 1080.
I'm running PHP Version 5.6.3 as part of XAMPP on Windows 7.
When I try to use the Mandrill API, I'm getting the following error:
Uncaught exception 'Mandrill_HttpError' with message 'API call to messages/send-template failed: SSL certificate problem: unable to get local issuer certificate'
I already tried everything I read on StackOverflow, including adding the following to the php.ini file:
curl.cainfo = "C:\xampp\php\cacert.pem"
And ofcourse downloaded to that location the cacert.pem file from http://curl.haxx.se/docs/caextract.html
but after all that, restarted XAMPP and Apache server but still getting the same error.
I really don't know what else to try.
Can anyone advise on what else can I try?
Finally got this to work!
Download the certificate bundle.
Put it somewhere. In my case, that was c:\wamp\ directory (if you are using Wamp 64 bit then it's c:\wamp64\).
Enable mod_ssl in Apache and php_openssl.dll in php.ini (uncomment them by removing ; at the beginning). But be careful, my problem was that I had two php.ini files and I need to do this in both of them. One is the one you get from your WAMP taskbar icon, and another one is, in my case, in C:\wamp\bin\php\php5.5.12\
Add these lines to your cert in both php.ini files:
curl.cainfo="C:/wamp/cacert.pem"
openssl.cafile="C:/wamp/cacert.pem"
Restart Wamp services.
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I had the same problem in Mandrill.php file after line number 65 where it says $this->ch = curl_init();
Add following two lines:
curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0);
This solved my problem and also sent email using localhost but I suggest to NOT use it on live version live. On your live server the code should work without this code.
Thanks #Mladen Janjetovic,
Your suggestion worked for me in mac with ampps installed.
Copied: http://curl.haxx.se/ca/cacert.pem
To: /Applications/AMPPS/extra/etc/openssl/certs/cacert.pem
And updated php.ini with that path and restarted Apache:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
openssl.cafile="/Applications/AMPPS/extra/etc/openssl/certs/cacert.pem"
And applied same setting in windows AMPPS installation and it worked perfectly in it too.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="C:/Ampps/php/extras/ssl/cacert.pem"
openssl.cafile="C:/Ampps/php/extras/ssl/cacert.pem"
:
Same for wamp.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo="C:/wamp/bin/php/php5.6.16/extras/ssl/cacert.pem"
openssl.cafile="C:/wamp/bin/php/php5.6.16/extras/ssl/cacert.pem"
If you are looking for generating new SSL certificate using SAN for localhost, steps on this post worked for me on Centos 7 / Vagrant / Chrome Browser.
When you view the http://curl.haxx.se/docs/caextract.html page, you will notice in big letters a section called:
RSA-1024 removed
Read it, then download the version of the certificates that includes the 'RSA-1024' certificates.
https://github.com/bagder/ca-bundle/blob/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt
Those will work with Mandrill.
Disabling SSL is a bad idea.
The above steps, though helpful, didnt work for me on Windows 8. I don't know the co-relation, but the below steps worked. Basically a change in the cacert.pem file. Hope this helps someone.
Download cacert.pem file from here:
http://curl.haxx.se/docs/caextract.html
Save the file in your PHP installation folder. (eg: If using xampp – save it in c:\Installation_Dir\xampp\php\cacert.pem).
Open your php.ini file and add these lines:
curl.cainfo=”C:\Installation_Dir\xampp\php\cacert.pem”
openssl.cafile=”C:\Installation_Dir\xampp\php\cacert.pem”
Restart your Apache server and that should fix it (Simply stop and start the
services as needed).
Note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I found new Solution without any required certification to call curl only add two line code.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
If you don't have access to php.ini, adding this code (after your $ch = curl_init(); line) works for me:
$certificate_location = "C:\Program Files (x86)\EasyPHP-Devserver-16.1\ca-bundle.crt"; // modify this line accordingly (may need to be absolute)
curl_setopt($ch, CURLOPT_CAINFO, $certificate_location);
curl_setopt($ch, CURLOPT_CAPATH, $certificate_location);
Then, you will just need to download ca-bundle.crt and save it to location you specified in $certificate_location.
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I tried this it works
open
vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
and change this
$conf[CURLOPT_SSL_VERIFYHOST] = 2;
$conf[CURLOPT_SSL_VERIFYPEER] = true;
to this
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = FALSE;
Note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
elaborating on the above answers for server deployment.
$hostname = gethostname();
if($hostname=="mydevpc")
{
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
}
should do the trick for development environment without compromising the server when deployed.
I was facing a problem like this in my local system but not in the live server. I also mentioned another solution on this page its before, but that was not working in localhost.so find a new solution of this, that is working in the localhost-WAMP Server.
cURL Error #:SSL certificate problem: unable to get local issuer
certificate
sometimes system could not find your cacert.pem in your drive. so you can define this in your code where you are going to use CURL
Note that i am fulfilling all conditions for this like OPEN-SSL library active and other things.
check this code of CURL.
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL =>$url,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_RETURNTRANSFER=> true,
));
curl_setopt($curl, CURLOPT_CAINFO, "f:/wamp/bin/cacert.pem"); // <------
curl_setopt($curl, CURLOPT_CAPATH, "f:/wamp/bin/cacert.pem"); // <------
$response = json_decode(curl_exec($curl),true);
$err = curl_error($curl);
curl_close($curl);
but this solution may not work in live server. because of absolute path of cacert.pem
On Amazon Linux (CentOS / Red Hat etc) I did the following to fix this issue. First copy the cacert.pem downloaded from http://curl.haxx.se/ca/cacert.pem and put it in the /etc/pki/ca-trust/source/anchors/ directory. Then run the update-ca-trust command.
Here is a one liner taken from https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat
curl https://curl.se/ca/cacert.pem -o /etc/pki/ca-trust/source/anchors/curl-cacert-updated.pem && update-ca-trust
However since curl was broken I actually used this command to download the cacert.pem file.
wget --no-check-certificate http://curl.haxx.se/ca/cacert.pem
After running the update-ca-trust command you can restart the web server service httpd restart for apache or service nginx restart for nginx.
I have Very Simple Solution of this problem. You can do this without any certificate file.
Note that this solution is valid for local system not client server and Production server.
Go on Laravel Root Folder -> Vender -> guzzlehttp -> guzzle -> src
open Client.php
find $defaults Array . that look like this way ..
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => true,
'cookies' => false
];
Now main Job is to change value of verify key ..
'verify' => false,
So After this it will not check SSL Certificate for CURL Request... This Solution is work for me. I find this solution after many research ...
I had the same issue during building my app in AppVeyor.
Download https://curl.haxx.se/ca/cacert.pem to c:\php
Enable openssl echo extension=php_openssl.dll >> c:\php\php.ini
Locate certificateecho curl.cainfo=c:\php\cacert.pem >> c:\php\php.ini
I have a proper solution of this problem, lets try and understand the root cause of this issue. This issue comes when remote servers ssl cannot be verified using root certificates in your system's certificate store or remote ssl is not installed along with chain certificates. If you have a linux system with root ssh access, then in this case you can try updating your certificate store with below command:
update-ca-certificates
If still, it doesn't work then you need to add root and interim certificate of remote server in your cert store. You can download root and intermediate certs and add them in /usr/local/share/ca-certificates directory and then run command update-ca-certificates. This should do the trick. Similarly for windows you can search how to add root and intermediate cert.
The other way you can solve this problem is by asking remote server team to add ssl certificate as a bundle of domain root cert, intermediate cert and root cert.
Another reason this error can occur is if a CA bundle has been removed from your system (and is no longer available in ca-certificates).
This is currently the situation with the GeoTrust Global CA which (among other things) is used to sign Apple's certificate for APNS used for Push Notifications.
Additional details can be found on the bug report here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596
You can manually add the GeoTrust Global CA certificate on your machine as suggested by Carlos Alberto Lopez Perez:
wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem \
&& mkdir /usr/local/share/ca-certificates/extra \
&& mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt \
&& update-ca-certificates
If none of the solutions above are working for you try updating your XAMPP installation to a newer version.
I was running XAMPP with php 5.5.11, the same exact code didn't work, I upgraded to XAMPP with php 5.6.28 and the solutions above worked.
Additionally only updating PHP didn't work either seems like a combination of apache and php settings on that version of XAMPP.
Hope it helps someone.
I got the error like :
failed loading cafile stream: `C:\xamppPhp\apache\bin\curl-ca-bundle.crt`
I am using windows machine. So I followed the below steps.
1. I have downloaded .pem file from " https://curl.haxx.se/docs/caextract.html "
2. Then I kept the downloaded file inside "C:/xamppPhp/apache/bin/" folder and renamed the same downloaded file to "curl-ca-bundle.crt".
3. I restarted XAMPP and cleared the cache.
4. It's done.
Hope it may help someone
simply put two more line on local to solve the issue and this worked for me fine.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
for guzzle you can try this :
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
tested on guzzle/guzzle 3.*