I’m trying to fix a php_curl call on a Windows server (running IIS) that is returning the familiar error “SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed”.
As detailed in many related questions here, I downloaded http://curl.haxx.se/ca/cacert.pem, moved it to my server’s hard drive, and added the curl.cainfo setting to my php.ini:
curl.cainfo = "C:pathtocacert.pem"
Nothing, still getting the same error. However, specifying the path in the PHP code results in a successful response!
$ch = curl_init($url); curl_setopt($ch, CURLOPT_CAINFO, "C:pathtocacert.pem"); $response = curl_exec($ch);
This does give me a workaround I can use for now, but I’m maintaining a large application with php_curl calls in many places, so it would be more logical to specify this setting once in php.ini so it applies to all php_curl calls in the application.
Potential dumb mistake checking:
- I’m restarting IIS between php.ini edits
- I know I’m editing the right php.ini, because “echo ini_get(‘smtp_port’);” reflects changes I make to that setting (changing a non-critical setting just for testing)
- I know IIS can read the file, because it works when setting it using curl_setopt() (above)
Trying to look at the ini setting directly shows that PHP doesn’t seem to know anything about it (am I doing this right?):
var_dump(ini_get('curl.cainfo'));
==> bool(false)
Any ideas why PHP wouldn’t read the curl.cainfo setting?
Advertisement
Answer
A coworker informed me that this curl php.ini setting was not added until PHP 5.3.7: http://www.php.net/manual/en/curl.configuration.php#ini.curl.cainfo
The particular test server I was working with was running an older version than that, so PHP wasn’t reading that setting from php.ini.