I am developing an application with Symfony 2 on a local server running Windows but finding a problem with Curl, namely:
SSL certificate problem: unable to get local issuer certificate
Would seem to be a common problem for this OS but there is a definitive solution to solve it?
Bearing in mind that deploy the application will be done on a server installed with Linux.
Disabling peer verification is not a good solution.
PHP's curl extension can load a list of verified certificate authorities.
Download http://curl.haxx.se/ca/cacert.pem from the writer of curl and add this to your php.ini
curl.cainfo="c:\php\cacert.pem"
Related
I have an Ubuntu server on which I have installed WordPress. I'm using cloudflare Full(strict) End-to-End Encryption SSL and everything is working fine. I'm using a wordpress plugin Smush pro for image optimization but when I'm trying to configure it for Local WebP it is throwing me this error
cURL error 60: SSL certificate problem: unable to get local issuer
certificate
Can any one explain me what may be the potential issue and how can I resolve it?
I've searched on Google and found some answers on askubuntu and other platform, but nothing is working for me due to the lack of guidance.
I'm expecting a step by step guide to resolve this issue. Thanks
I am working on some 3rd party integration project.
Created RootCA and SubCA from their official documentation website and after importing in windows server, we created key using openssl and got signed certificate from 3rd party integration Support team
We have configured in ldp.exe client and it got connected and fetched the dataset.
Now we are implementing in PHP code level.
We have:
IIS server 10
PHP 7.2
PHP Code is working in IIS
Added ldap.conf file created c:/openldap/sysconf/ldap.conf
TLS_REQCERT allow
#TLS_CACERT c:\openldap\sysconf\RootCaSha1.der
TLS_CACERT c:\openldap\sysconf\SubCaSha1.der
#TLS_CACERTDIR c:\openldap\sysconf
We have tried various paths and noted all evidence via wireshark tool
It says TLSv1.2 Alert (Level: Fatal, Description: Handshake Failure) so it means some certificate in ldap.conf are not as per requirement.
Looking forward to help in this regard so we can get connect.
Thanks in advance
As far as I know, the TLS handshake failure error commonly occurred when the server’s certificate is configured improperly. this should be configured on the IIS server-side. Please check the below items.
The account running the website is supposed to own the right of accessing the private key of the certificate. Firstly import the certificate to the Local machine Certification Store, under the property page of the certificate, grant the account access to the private key of the certificate.
Subsequently, we specify the certificate in the IIS site binding module.
Besides, Please note that the communication between the client-side and the server-side is established based on the fact that the client trusts the server certificate. this means that when we visit the website, the browser address bar has the sign of security lock. In this way, the public key of the certificate can be exchanged. The specific operation is to add the server root certificate to the Trusted Root Certificate Authority certification store of the client-side.
I uploaded my website build with laravel on ubuntu server and used Instamojo to accept payments. I have purchased SSL from Namecheap (PositiveSSL).
The problem is my webhook URL is not working. I tried accessing the URL through Postman and got an error 'Could not get any response'. The screenshot of Postman Console-
This can be caused by failing to bundle the intermediate certificates with the server certificate. You will have at least one intermediate certificate that needs to be bundled with you server cert.
For more information please read the Complete Tutorial for installing SSL on Apache
I have a Windows 2008 R2 Server with IIS 7.5 installed and PHP 5.6.6.
I have a site set up that is using a SSL certificate which is working fine (domain1.com).
I am now trying to setup a second PHP site (domain2.com) which does not require SSL.
When I browse to domain2.com I get the following error in Chrome:
This server could not prove that it is domain2.com; its security certificate is from domain1.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Somewhere there is a setting that is forcing domain2.com to try and use SSL but I cannot see where and cannot find any solutions by searching the Internet.
Does anyone have any pointers?
Many thanks,
John
Used a wildcard certificate to resolve this in the end.
I am doing a CAS integration with a project that I am doing with my university. The final integration should be made with symfony2, however first I need to make the example code working.
I finally get working the example_simple.php example with phpCAS 1.3.2 , however the directive:
phpCAS::setNoCasServerValidation();
is the enabled one. I think I should use instead:
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
However when I enable this second one (and disable the other) then the authorization does not work anymore. Here is the relevant output line error of the log:
could not open URL 'https://cas_server.fi/cas/serviceValidate?service=http%3A%2F%2Flocalhost%2Fphpcas2%2Fdocs%2Fexamples%2Fexample_simple.php&ticket=ST-115606-M1Omd1cHWzbLbmxa1nYV-cas' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:2763]
The cas server provided me two .crt files:
MYCASRootCA.crt
MYCASLinuxSUBCA.crt
And they are suppose to be installed in my system (Ubuntu 13.10). They are in different places, such a /etc/ssl/certs/MYCASLinuxSUBCA.pem but also:
/usr/share/ca-certificates/lut/MYCASRootCA.crt
/usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt
So assuming that the variable $cas_server_ca_cert_path has to have one of these .crt files or .pem dirs (such a /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt) I cannot make it work. What I am doing it wrong? My client-server (no the cas server) is in my localhost. Is it a problem? Should I avoid use setCasServerCACert command? Why is it happening?
I've also tried to use the curl-ca-bundle.crt certificate provided by my XAMP instalation (Xampp 1.8.3).
I am a little bit lost with certificates as you can see.
I read about problems with phpCAS and recent Ubuntu versions in https://github.com/Jasig/phpCAS/issues?state=open. However I cannot make this working with the master code, even without certification (by default).
Any ideas would be appreciated...
I have found the solution asking in the github library: https://github.com/Jasig/phpCAS/issues/119
The reason is that the curl binary used by PHP in my xampp installation is different from the system's curl binary. The system one has access to /etc/ssl/certs/ certificates, but the xampp curl does not have (unless you don't indicate it, of course). By default, it searches in a special certificate-bundle-file.
Finally I have found the real certificate for my cas-server and I am using it, however maybe you want to use other proposed solution at the end of the discussion thread if you are having a similar problem.