I'm trying to test our Mandrill API from my localhost (on Windows). It seems like I need to configure a "local issuer certificate". So, I downloaded http://curl.haxx.se/ca/cacert.pem and saved it in my document root (c:\wamp\www). Then, in my php.ini file, I configured this: curl.cainfo = "/cacert.pem".
When I run the sample code for Mandrill, I get the following error:
A mandrill error occurred: Mandrill_HttpError - API call to
messages/send failed: error setting certificate verify locations:
CAfile: cacert.pem CApath: none
Any idea what's wrong?
I've seen others post about this with WampServer; though I cannot offer the reason or a real solution, if you're just testing on your localhost have you considered just turning off cURL's SSL verification?
curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0);
To extend the #LeonardChallis answer if you're struggling with Google APIs on this one then adding the following to vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php and the create function will also fix it:
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = 0;
I am trying to send SMS using Textmagic from GoDaddy using PHP. I have used the official GitHub page to get the API: https://github.com/textmagic/textmagic-rest-php
The above setup works fine from my local Ubuntu PC and is able to send SMS,
whereas when I host the API on GoDaddy Windows shared hosting and execute the same PHP code, I get the following error.
[ERROR- ] error setting certificate verify locations: CAfile: c:\cgi\php56\curl-ca-bundle.crt CApath: none
What could be the reason?
PHP version: 5.6
I'm not sure if there is something GoDaddy configures that would not make this possible, but the best/most secure way to tackle this is to NOT use CURLOPT_SSL_VERIFYPEER = FALSE, but instead export the certificate chain to X.509. Then use CURLOPT_CAINFO to point to that certificate.
I.e.:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/the/certificate-you-exported.crt");
If GoDaddy does not let you do this, my suggestion would be to find another provider.
You can use:
curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE);
But please be sure: you will lose the benefit of certificate verification.
Bypassing verification is not a good idea (anyone with you on the server may get the URL and your API key).
If you have root access on the server, please enable permission for the user on the server verification folder:
chmod 755 /usr/share/ssl/certs
This link can help for GoDaddy: https://blog.hqcodeshop.fi/archives/304-Fixing-curl-with-Go-Daddy-Secure-Certificate-Authority-G2-CA-root.html
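Added example, not part of the original posts or of any library they mention: both threads above fail with "error setting certificate verify locations", which libcurl reports when it cannot load the file named as CAfile. This PHP code checks the bundle path before handing it to cURL and keeps verification on; it assumes PHP 7+ with the curl and openssl extensions, the function names ca_bundle_problems and verified_curl_handle are hypothetical, and the sample paths are constructed.

```php
<?php
// Added example; assumes PHP 7+ with curl and openssl. Function names are hypothetical.
/** Return a list of problems with a CA bundle path; an empty list means usable. */
function ca_bundle_problems(string $path): array
{
    $real = realpath($path); // relative paths resolve against getcwd(), not the script
    if ($real === false || !is_file($real)) {
        return ["not found: '$path' (working directory: " . getcwd() . ")"];
    }
    if (!is_readable($real)) {
        return ["exists but is not readable by the PHP process: $real"];
    }
    $pattern = '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s';
    if (!preg_match_all($pattern, file_get_contents($real), $blocks)) {
        return ["no PEM certificates in $real (DER file or saved HTML page?)"];
    }
    $problems = [];
    foreach ($blocks[0] as $i => $pem) {
        if (openssl_x509_read($pem) === false) {
            $problems[] = "certificate #" . ($i + 1) . " in $real does not parse";
        }
    }
    return $problems;
}

/** Build a cURL handle with verification on; refuse to continue on a bad bundle. */
function verified_curl_handle(string $url, string $caBundle)
{
    $problems = ca_bundle_problems($caBundle);
    if ($problems) {
        throw new RuntimeException("CA bundle unusable: " . implode('; ', $problems));
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,                // check the chain against the bundle
        CURLOPT_SSL_VERIFYHOST => 2,                   // check the name in the certificate
        CURLOPT_CAINFO         => realpath($caBundle), // absolute path to the bundle
    ]);
    return $ch;
}

// Constructed inputs: a path that does not exist and a file that is not PEM.
$notPem = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($notPem, "<html>404</html>");
foreach (['no-such-dir/cacert.pem', $notPem] as $candidate) {
    echo $candidate, ' => ', implode('; ', ca_bundle_problems($candidate)) ?: 'ok', PHP_EOL;
}
unlink($notPem);
```

Both constructed inputs are reported as unusable before any request is made, so a path or format mistake is visible without switching CURLOPT_SSL_VERIFYPEER off.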
I'm trying out Mandrill. It looks nice. I signed up with an account and got an api key. Downloaded the Mandrill PHP wrapper from
https://bitbucket.org/mailchimp/mandrill-api-php
This post seemed to have a pretty good hello-world Mandrill email example, so I tried it out:
Simple php function to send an email with Mandrill
Kept getting this error:
API call to templates/add failed: Problem with the SSL CA cert (path? access rights?)
I followed the instructions from these S.O. posts:
error in send email using Mandrill (php)
HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK
Grabbed the .pem file from http://curl.haxx.se/docs/caextract.html
and made sure the curl API pointed to that file inside the Mandrill API
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt ($ch, CURLOPT_CAINFO, "pathto/cacert.pem");
The .pem file is readable. No crazy permissions situations.
No help. Same deal:
API call to templates/add failed: Problem with the SSL CA cert (path? access rights?)
Googling around I followed the CentOS 6.0 steps here:
http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
As well as the steps here:
http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
Same error. As a last try, I set curl to ignore the ssl-step entirely. This of course is not advised, but I just wanted to feel solid ground under my feet. I went back into Mandrill.php and gave this a shot.
curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0);
Again, same error. I was wondering if someone else can shed some light on this for me. I've exhausted google. (It gave me a recaptcha because I was using it too much). Thanks for your time!
(System: CentOS 6.5, PHP 5.3)
Odd that you're having this issue on Linux (known problem in Windows though).
The only thing I can think of is that you try to load the .pem as a default via your php.ini file: check curl.cainfo and supply an absolute path to the cacert.pem file. That should make it so that you don't have to use CURLOPT_CAINFO – and perhaps gives a better result?
Half off-topic; if you don't need all the features that the API gives you, you can also use an SMTP-connection (always easier to work with).
I am running a local XAMPP server on a windows machine.
From this server I am trying to connect to an SSL encrypted page via CURL.
I did run into the following error:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I realize that I could simply disable SSL verification by using...
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
..but I really don't want to do this, that's the point of using SSL.
I've seen several answers here that point to setting the cURL option "CURLOPT_CAINFO" to a .pem file that can be acquired here: http://curl.haxx.se/ca/cacert.pem
curl_setopt($ch, CURLOPT_CAINFO, 'C:\xampp\cacert.pem' );
I did put the file in the given folder, and run the above command before running curl_exec. But I still get the same error as before.
I also tried to download the certificate from the site that I am trying to connect with, but the error message is still the same.
PHP can access the .pem file, with file_get_contents for example, so it does not appear to be a file access / permission problem.
What could be the cause for this problem to persist?
I am running:
PHP Version: 5.2.9
cURL Information: libcurl/7.16.0 OpenSSL/0.9.8i zlib/1.2.3
Tardy response, but I had the same problem and the way I fixed it was to upgrade to PHP 5.3. I have seen nothing explicit that says "5.2 does not do proper certificate validation", but you have everything right by using CURLOPT_CAINFO. Upgrade to 5.3 and it will work.
I have this error when using CURLOPT_SSL_VERIFYHOST:
Curl error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
What I tried:
1 - turning off VERIFYHOST is not an option, I need this to login to https page
2 - downloaded certificate and I use it like this:
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($c, CURLOPT_CAINFO, getcwd() . '/certificate.pl.crt');
And I still get the same error.
3 - I turned on ssl_module in Apache extensions (I use WAMP)
4 - I turned on php_openssl in PHP extensions
What else should I do? From phpinfo(); I know that I have:
mod_ssl/2.2.22
OpenSSL/0.9.8u
And it still doesn't work. What else should I do :( ?
Had to edit this as I missed some comments before.
If you don't try to import your certificate and switch peer validation off, your transport should still be SSL secured if I'm not mistaken, so if the goal is to get it over SSL, then I wouldn't bother messing with the import of certificates. Of course if you do want some more peace of mind it's a different thing.
Quick question: I have a PHP script which queries the Pinnacle Cart API through a cURL query. While testing this on my laptop, no problem. I get the XML response and all. But once it's on the remote server... I get no result. I checked beforehand to be sure cURL was installed on the remote server, and it sure is. I don't have the same version as the remote server (libcurl/7.15.5 vs libcurl/7.19.5) but I kind of doubt it's the issue here. Any idea what might throw off my script?
EDIT : Here is what I get when I output the errors to a file with CURLOPT_STDERR :
Locally :
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
SSL connection using DHE-RSA-AES256-SHA
Server-side :
successfully set certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL certificate problem, verify that the CA cert is OK. Details:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
1 minute of googling later... I found out that with this parameter:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
My script works on the server... But it's kind of botched, isn't it?
See your PHP error log or turn PHP's error reporting functionality on so that it gives you the exact error message. Most probably PHP's safe_mode is on on your server and prevents some functionality (e.g. CURLOPT_FOLLOWLOCATION) of the curl library.