I use paypal IPN class Quixotix-PHP-PayPal-IPN
Now, I get notifcation from paypal to my ipn listener,
and i activate the class, but i get the next error:
exception 'Exception' with message 'cURL error: [77] error setting certificate verify locations:
CAfile: /home/star1231/public_html/cert/api_cert_chain.crt
CApath: none' in /home/star1231/public_html/ipn.php:79
Stack trace:
#0 /home/star1231/public_html/ipn.php(175): IpnListener->curlPost('cmd=_notify-val...')
#1 /home/star1231/public_html/ipn.php(7): IpnListener->processIpn()
#2 {main}
I search about this error,
and i read that i need to install ca-certificates package,
in this question: How do I deal with certificates using cURL while trying to access an HTTPS url?
i have no exprince in that staff, and i dont know where to run commands and what i need to download
so someone can please explain me how can i install the package in Cpanel on Godaddy?
Check out: https://github.com/Quixotix/PHP-PayPal-IPN/issues/37
seting $listener->use_curl = FALSE; problem was solved
I am not a PHP dev, and I will be of little help assisting you with Linux, but you should be able to get this working by thoroughly reviewing the answers to these two questions:
Paypal IPN Getting blank confirmation ( should be "VERIFIED" or "INVALID" )
How do I deal with certificates using cURL while trying to access an HTTPS url?
The problem appears to be your Certificate Authority bundle, as meda writes: (source: https://stackoverflow.com/a/26260710/399124)
curl performs SSL certificate verification by default, using a
"bundle" of Certificate Authority (CA) public keys (CA certs). The
default bundle is named curl-ca-bundle.crt ... If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
To verify that that is the problem, I would try is adding the -k or --insecure switch to the code in Quixotix-PHP-PayPal-IPN that's failing. Based on the stack trace, that's probably in /home/star1231/public_html/ipn.php(175).
Assuming that fixes it, we now need to figure out what's wrong with the bundle.
Does the file at /home/star1231/public_html/cert/api_cert_chain.crt even exist? If not, download it from (https://raw.githubusercontent.com/Quixotix/PHP-PayPal-IPN/master/cert/api_cert_chain.crt) and put it in the folder.
If you're still having trouble after you're sure the file is in the right place, you could have a security issue:
if there is no tls/certs folder: create one and change permissions using chmod 777 -R folderNAME
OK, if someone need the solution ...
First, Download api_cert_chain.crt
(if this link dosent work, just search in google "download api_cert_chain.crt" or something like that.)
Second, After you download this file put this file in "cert" Folder where your ipn listener is found.
and you ready to go.
Related
I tried to connect to AmazonMQ with amqps protocol in AmazonMQ and get this error:
NOTICE: PHP message: [error] Symfony\Component\Messenger\Exception\InvalidArgumentException
cfi-lms-api_1 | No CA certificate has been provided. Set "amqp.cacert" in your php.ini or pass the "cacert" parameter in the DSN to use SSL. Alternatively, you can use amqp:// to use without SSL.
Where I can get this certificate and how to properly work with amqps in case AmazonMQ? What path for cacert I should specify?
I tried use amqp protocol but Amazon MQ does not support it.
In the docs:
If you want to use TLS/SSL encrypted AMQP, you must also provide a CA certificate. Define the certificate path in the amqp.cacert PHP.ini setting (e.g. amqp.cacert = /etc/ssl/certs) or in the cacert parameter of the DSN (e.g amqps://localhost?cacert=/etc/ssl/certs/).
(at https://symfony.com/doc/current/messenger.html)
It says cacert is "Path to the CA cert file in PEM format."
You can download the file through your web browser, clicking the "locker" icon next to "https" in the url bar. For example, the ca cert for StackOverflow can be downloaded like so :
Prefer the one from the "root" tab, which is usually valid way longer (+ 10 years).
Source:
https://github.com/symfony/amqp-messenger/blob/5.4/Transport/Connection.php#L232
https://github.com/symfony/amqp-messenger/blob/4175a0a98507e7ec575dca9b36e6c0a5a072d3fd/Transport/Connection.php#L285
For the noobs o news with AmazonMQ/rabbitmq
Get the PEM from this url : https://www.amazontrust.com/repository/AmazonRootCA1.pem
and pass = ?cacert=/path/to/pem/Amazon_Root_CA_1.pem
I hope it helps.
#Musa thanks for the answer! I will provide more details for somebody like me who never setup this certificate:
If you need work with Amazon MQ you should download the root certificate for mq.eu-central-1.amazonaws.com in pem format (see the answer from #Musa on how to do it).
Then you should change MESSENGER_TRANSPORT_DSN in .env file to add the new parameter cacert (see Symfony doc for more details https://symfony.com/doc/current/messenger.html#amqp-transport):
MESSENGER_TRANSPORT_DSN=amqps://username:password#your-secure-url.mq.eu-central-1.amazonaws.com:5671/%2f/_messages?cacert=/path-to-root-cert/mq-eu-central-1-amazonaws-com.pem
Another possible solution is to specify Amazon Root CA 1. Every Linux distribution has this certificate (see package ca-certificates). In this case, MESSENGER_TRANSPORT_DSN must be like this:
MESSENGER_TRANSPORT_DSN=amqps://username:password#your-secure-url.mq.eu-central-1.amazonaws.com:5671/%2f/_messages?cacert=/etc/ssl/certs/Amazon_Root_CA_1.pem
Now I am using coinbase/coinbase php library in laravel project. I tried to get accounts using $client->getAccounts();, But this gives error like following.
Symfony \ Component \ Debug \ Exception \ FatalThrowableError
(E_RECOVERABLE_ERROR) Argument 1 passed to
Coinbase\Wallet\Exception\HttpException::exceptionClass() must be an
instance of Psr\Http\Message\ResponseInterface, null given, called in
core\vendor\coinbase\coinbase\src\Exception\HttpException.php
on line 33
I tried to get error response by checking exception.
cURL error 60: SSL certificate problem: unable to get local issuer
certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
This code is normal and it was working 1 year ago without any issue.
Is there anyone for this issue?
Thank you for everyone's response here.
Try Uploading to Your online server and retry, it might be an issue with Your localhost.
I have experienced it sometime ago, but still fix, I will just upload to my cPanel and try it in production and it will work.
You are getting the error because the request is failing as cURL is unable to verify the certificate provided by the server.
You can solve the problem either way -
Allows curl command to work with “insecure” or “invalid” SSL certificates without https certificates. Use cURL with -k option which allows curl to make insecure connections, that is cURL does not verify the certificate.
Add the root CA (the CA signing the server certificate) to /etc/ssl/certs/ca-certificates.crt
Using Guzzle: Set verify to false
$client->request('GET', 'https://somewebsite.com', ['verify' => false]);
Note: It is best to install SSL certificate.
I'm getting an error RequestException in CurlFactory.php line 187:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see curl.haxx.se/libcurl/c/libcurl-errors.html) when trying to login with socialite facebook. This is the tutorial I followed http://blog.damirmiladinov.com/laravel/laravel-5.2-socialite-facebook-login.html#.V2K-ersrLIV .
This is my controller:
public function redirect()
{
return Socialite::driver('facebook')->redirect();
}
public function callback()
{
// when facebook call us a with token
$providerUser = \Socialite::driver('facebook')->user();
}
From my research I found out the error is as a result ofthe version of guzzlehttp/guzzle.I tried the solutions provided in these links but it didn't work for me. Laravel Socialite testing on localhost, SSL certificate issue? and https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/52954. Kindly help.
For those that still need a solution, here it is.
$providerUser = \Socialite::driver('facebook')
->setHttpClient(new \GuzzleHttp\Client(['verify' => false]))
->user();
Note the ['verify' => false], this disables the SSL certificate verification check done by the Guzzle HTTP client which is used by Socialite. It might also be a good idea to export this into the configuration as a setting.
After struggling for almost one month I have been able to solve my problem.
The problem was with Cacert.pem file which was missing in my php folder in xampp directory.
I downloaded new carcet.pem from https://curl.haxx.se/ca/cacert.pem and saved it as carcet.pem.txt in my php folder inside the xampp directory. I then opened php.ini file inside php folder and changed
;curl.cainfo= to
curl.cainfo="C:\xampp\php\cacert.pem.txt". Do not forget the .txt extension and also don't forget to restart your xampp.
That solved the problem for me. You can also read more about this error here Laravel 5 Socialite - cURL error 77: error setting certificate verify locations. Here is a link to the tutorial I followed to implement Facebook Socialite Login http://blog.sarav.co/integrating-socialite-in-laravel-5-2/.Hope this helps someone.
I did it with the cacert.pem +
php artisan generate:key
I have set up satis private composer packet manager.
Satis is running on "packages.asc.company", I protected the site by apache2 http basic authentication and can open it in browser by entering http basic auth credentials.
Now my question: How can I pass composer the credentials to access the satis site in the best and most secure manner when running e.g. "composer update"?
Currently I registered only one user with a password in apache .htpasswd file and need to pass its credentials somewhere to be able to connect from composer to satis.
There are two cases where I need to connect from:
1) From the project during development
2) From jenkins during continuous integration process.
3) Edit: SSL
I am trying to use openssl now to secure the credentials when logging in. On my linux, where the apache runs, I created a private key and a .crt file (see: Apache SSL . On my linux, I can now open the satis packages page with https, and I even redirect http to https, all working (Im using my own certificate generating with openssl because its an internal application and I don't need a trusted ca).
Now, when I switch to my Windows from my Linux vm (here I am coding), and I try to run composer update, I get the following error message:
(hosts file is configured correct)
[Composer\Downloader\TransportException]
The "https://packages.asc.company/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
What did I miss? I'm pretty new to ssl, but read the whole day now information about it and can't get it to work.
From getcomposer satis site, I have this information but don't know how to use it.
{
"repositories": [
{
"type": "composer",
"url": "https://example.org",
"options": {
"ssl": {
"local_cert": "/home/composer/.ssl/composer.pem"
}
}
}
]
}
Regards.
There is a documentation page for this.
Composer will work with adding user names into the Satis URL. Works for me, I just wanted to get around the useless default passworded server in the local network. There's a read only account, and I used it.
Additionally: Every developer in the company has an account on the repository server, and there isn't much use in protecting downloaded ZIP files with even more security. Composer itself currently doesn't support any code signing methods or hash comparison, so there is no way to know if a package has been tampered with either where stored or during transmission.
According to the docs, not giving credentials in the URL will make Composer ask for them, or you can add them to auth.json. On the other hand: Saving clear text passwords in a dedicated file doesn't sound like the best idea, and transmitting them without using HTTPS is even worse.
You have to define what kind of security you want to have. What is the goal or the threat scenario you want to protect against?
I am testing my codes on my localhost and I tried dtisgodsson/laravel4-twilio
to apply on my current website but I got this error
SSL certificate problem: self signed certificate in certificate chain
right after I put this code inside my index.blade.php:
Twilio::to('119061539155')->message('This is so, damn, easy!');
What do I need to do to get rid of this error?
Twilio Developer Evangelist here.
This error is caused by not having an up-to-date bundle of CA root certificates with your PHP installation. You need to download the latest CA root certificate bundle and update your php.ini to use this bundle. This blog post shows you how to accomplish both of those things.
Let me know if that gets you all fixed up!
If solution selected as answer to this question did not work, and you continue to have SSL authentication problems try this:
Change the setting twilio_use_certificate from false to true.
Find file OpenVBX/config/config.php and search for "twilio_use_certificate"
Then change FROM:
$config['twilio_use_certificate'] = false;
TO:
$config['twilio_use_certificate'] = true;