Composer -- > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Question

I can connect to SSL sites, installed composer through command line through HTTPS. Checked the OPENSSL version SSL Version => OpenSSL/1.0.1j . So where is the problem? Thoughts?

Here is the raw output.

[kunaaljain@localhost php]$ /opt/lampp/bin/php-5.6.3 composer.phar diagChecking composer.json: FAIL
the property name is required
the property description is required
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
failed to open stream: Cannot connect to HTTPS server through proxy
Checking HTTP proxy: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
failed to open stream: Cannot connect to HTTPS server through proxy

Answer 1

This is an OpenSSL issue with php > 5.6. Rob Allen has a fix using homebrew here: http://akrabat.com/ssl-certificate-verification-on-php-5-6/

There is also an official issue on github for Composer: https://github.com/composer/composer/issues/2798#issuecomment-68200214

Editing your php.ini linking your cert files should fix it:

curl.cainfo=/full/path/to/ssl/certs/ca-bundle.crt
openssl.cafile=/full/path/to/ssl/certs/ca-bundle.crt

This question tells you how to find the correct path: Composer update fails while updating from packagist

Answer 2

I had the same case on my Mac, after I did update to OSX El Capitan and did update of other things at the same time in my development environment.

I burned half a day investigating, and came to conclusion that the reason was in openssl having obsolete certificates. Solution was to extract certificates from Apple’s Keychain, via bash script:

    cert_file="$( openssl version -d | awk -F'"' '{print $2}' )/cert.pem"
    mkdir -p "${cert_file%/*}"
    security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
    security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"

This should help in most of the cases, if configuration of openssl was not manually messed up before. Simple update of certificates is needed.

Answer 3

I had this same issue when trying to run composer in my local vagrant environment. Found the issue to be caused by the system clock being out of sync.

Fixed by running

  vagrant ssh
  sudo apt install ntpdate
  sudo ntpdate ntp.ubuntu.com
  sudo timedatectl set-ntp on
  sudo service ntp stop
  sudo ntpd -gq
  sudo service ntp start