Menu
How to solve this problem:
download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
save it on your filesystem somewhere (for example, XAMPP users might use C:\xampp\php\extras\ssl\cacert.pem)
in your php.ini, put this file location in the [curl] section (putting it in the [openss] section is also a good idea):
[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"
(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)
Attention Wamp/Wordpress/windows users. I had this issue for hours and not even the correct answer was doing it for me, because i was editing the wrong php.ini file because the question was answered to XAMPP and not for WAMP users, even though the question was for WAMP.
here's what i did
Download the certificate bundle.
Put it inside of C:\wamp64\bin\php\your php version\extras\ssl
Make sure the file mod_ssl.so is inside of C:\wamp64\bin\apache\apache(version)\modules
Enable mod_ssl in httpd.conf inside of Apache directory C:\wamp64\bin\apache\apache2.4.27\conf
Enable php_openssl.dll in php.ini. Be aware my problem was that I had two php.ini files and I need to do this in both of them. First one can be located inside of your WAMP taskbar icon here.
and the other one is located in C:\wamp64\bin\php\php(Version)
find the location for both of the php.ini files and find the line curl.cainfo = and give it a path like this
curl.cainfo = "C:\wamp64\bin\php\php(Version)\extras\ssl\cacert.pem"
Now save the files and restart your server and you should be good to go
If you are using PHP 5.6 with Guzzle, Guzzle has switched to using the PHP libraries autodetect for certificates rather than it's process (ref). PHP outlines the changes here.
You can dump where PHP is looking using the following PHP command:
var_dump(openssl_get_cert_locations());
For OS X testing, you can use homebrew to install openssl brew install openssl and then use openssl.cafile=/usr/local/etc/openssl/cert.pem in your php.ini or Zend Server settings (under OpenSSL).
A certificate bundle is also available from curl/Mozilla on the curl website: https://curl.haxx.se/docs/caextract.html
Once you have a bundle, either place it where PHP is already looking (which you found out above) or update openssl.cafile in php.ini. (Generally, /etc/php.ini or /etc/php/7.0/cli/php.ini or /etc/php/php.ini on Unix.)
Guzzle, which is used by cartalyst/stripe, will do the following to find a proper certificate archive to check a server certificate against:
openssl.cafile is set in your php.ini file.curl.cainfo is set in your php.ini file./etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)/etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)/usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)/usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)C:\windows\system32\curl-ca-bundle.crt exists (Windows)C:\windows\curl-ca-bundle.crt exists (Windows)You will want to make sure that the values for the first two settings are properly defined by doing a simple test:
echo "openssl.cafile: ", ini_get('openssl.cafile'), "\n";
echo "curl.cainfo: ", ini_get('curl.cainfo'), "\n";
Alternatively, try to write the file into the locations indicated by #7 or #8.
If you're unable to change php.ini you could also point to the cacert.pem file from code like this:
$http = new GuzzleHttp\Client(['verify' => '/path/to/cacert.pem']);
$client = new Google_Client();
$client->setHttpClient($http);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With