Menu
Can't figure out what could be:
In my local environment, after I updated my OSX to the last version of Yosemite, I get this error:
CurlException: [curl] 51: SSL: certificate verification failed (result: 5) [url]
I'm using Symfony2 so it is related to PHP. I tried to reinstall openssl but nothing happen.
Any suggestion?
929
To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.
You need to pass the -k or --insecure option to the curl command. This option explicitly allows curl to perform “insecure” SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default.
Look at the certificate chain for whatever domain is giving you this error. For me it was googleapis.com
openssl s_client -host www.googleapis.com -port 443
You'll get back something like this:
CONNECTED(00000005)
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googleapis.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
Note: I captured this after I fixed the issue. Also, your chain output will look different.
Then you need to look at the certificates allowed in php running under apache. Run phpinfo() in a page.
<?php echo phpinfo();
Then look for the certificate file that's loaded from the page output by searching the page for openssl.cafile:
openssl.cafile openssl.cafile /usr/local/php5/ssl/certs/cacert.pem
This is the file you'll need to fix by adding the correct certificate(s) to it.
sudo nano /usr/local/php5/ssl/certs/cacert.pem
You basically need to append the correct certificate "signatures" to the end of this file.
You can find some of them here:
They look like this:
(Note: This is an image so people will not simply copy/paste certificates from stackoverflow)
If you need to convert a .crt to pem, you'll need to do something like this:
openssl x509 -inform DER -outform PEM -in GIAG2.crt -out GIA2.pem
Once the right certificates are in this file, restart apache and test.
181
Someone already asked a similar question, please look here: HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK
also, there is an article here: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
33
answered Sep 28 '22 04:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
