file_get_contents(): SSL operation failed with code 1 (certificate verify failed)

Question

I have installed WAMP 3.0.4 and am trying to write a PHP script that connects to an external HTTPS web service. But this returns the error:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I have written a short script that demonstrates the issue:

<?php
$auth = base64_encode('username:password');

$aContext = array(
    'http' => array(
        'proxy' => 'tcp://proxyip:proxyport',
        'request_fulluri' => true,
        'header' => 'Proxy-Authorization: Basic $auth'
    ),
    'SSL' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
        'cafile' => 'C:/wamp/certificates/cacert.pem'
    )
);
$cxContext = stream_context_create($aContext);

$sFile = file_get_contents("https://www.google.com", False, $cxContext);

echo $sFile;
?>

It is a requirement to use a proxy server.

As can be seen, I have tried installing a root certificates bundle and also adding verify_peer to false (not that I would do that in production) but still I receive this error.

As can be clearly seen from the above, I am something of an Apache / WAMP novice. Can someone perhaps explain what I am missing?

Answer 1

If you want to disable the verification of the SSL connection you can use:

'verify_peer' => false

And inside your code:

<?php
$auth = base64_encode('username:password');

$aContext = array(
    'http' => array(
        'proxy' => 'tcp://proxyip:proxyport',
        'request_fulluri' => true,
        'header' => "Proxy-Authorization: Basic $auth"
    ),
    'ssl' => array(
        'verify_peer' => false,
    ),
);
$cxContext = stream_context_create($aContext);

$sFile = file_get_contents("https://www.google.com", False, $cxContext);

echo $sFile;
?>

However note that this means that no-one is guarantee you that the data you get is authentic (since the ssl certificate is NOT verified).

If you want to verify the certificate, you should use the root certificates as in your question, however, you said you work with WAMP so the path to your cafile should be something like:

"cafile" => "c:/wamp/certificates/cacert.pem",

More important - you said nothing regarding the proxy in your question. Is it something that you need or is it something you found somewhere and just trying to use?

If you don't need the proxy just remove if from your request.