Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Curl error 60, SSL certificate issue: self signed certificate in certificate chain

Tags:

php

curl

oauth

vk

I try to send curl request with my correct APP_ID, APP_SECRET etc. to the

  https://oauth.vk.com/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a&redirect_uri=REDIRECT_URI  

I need to get access_token from it, but get a FALSE and curl_error() print next message otherwise:

60: SSL certificate problem: self signed certificate in certificate chain 

My code is:

    // create curl resource     $ch = curl_init();      // set url     curl_setopt($ch, CURLOPT_URL, $url);     //return the transfer as a string     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);      // $output contains the output string     $output = curl_exec($ch);     if ( ! $output) {         print curl_errno($ch) .': '. curl_error($ch);     }      // close curl resource to free up system resources     curl_close($ch);      return $output; 

When I move manually to the link above, I get access_token well. Why it doesn't work with curl? Help, please.

like image 768
Victor Bocharsky Avatar asked Jan 17 '14 14:01

Victor Bocharsky


People also ask

What is a curl Error 60?

Error “curl: (60) SSL certificate problem: unable to get local issuer certificate” can be seen when the SSL certificate on the server is not verified or properly configured.


1 Answers

Answers suggesting to disable CURLOPT_SSL_VERIFYPEER should not be accepted. The question is "Why doesn't it work with cURL", and as correctly pointed out by Martijn Hols, it is dangerous.

The error is probably caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host’s SSL certificate.

You need to make sure that your installation of PHP has one of these files, and that it’s up to date (otherwise download one here: http://curl.haxx.se/docs/caextract.html).

Then set in php.ini:

curl.cainfo = <absolute_path_to> cacert.pem 

If you are setting it at runtime, use (where $ch = curl_init();):

curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem"); 
like image 166
erlangsec Avatar answered Sep 28 '22 05:09

erlangsec