Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

I am using PHP v7.2, on Windows 10 Computer and Composer version 1.9.0

composer create-project --prefer-dist laravel/laravel blog

I am trying to install Laravel and start a project using composer but getting the following error

OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

When I run composer diagnose getting below result

PS C:\xampp\htdocs\webstore_services> composer diagnose
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: Warning: Accessing 192.168.1xx.2xx over http which is an insecure protocol.
OK
Checking https connectivity to packagist: [Composer\Downloader\TransportException] The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking github.com rate limit: FAIL
[Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version:
  [Composer\Downloader\TransportException]                                                                                        
  The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
  error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed                                            
  Failed to enable crypto                                                                                                         
  failed to open stream: operation failed                                                                                         
diagnose

I have tried almost every solution on the Internet

php -r "print_r(openssl_get_cert_locations());"

Result

(
    [default_cert_file] => C:\usr\local\ssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => C:\usr\local\ssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => C:\usr\local\ssl/private
    [default_default_cert_area] => C:\usr\local\ssl
    [ini_cafile] => C:\xampp\php\cacert.pem
    [ini_capath] => C:\xampp\php\cacert.pem
)

How will I change the location of default_cert_file in this, Only this is left?

Since I am on Corporate Proxy I have set the env-variable of the proxy.

https_proxy : http://user:pass@host:port http_proxy : http://user:pass@host:port

After everything I do, it doesn't help me though.

like image 342
Ankit S. Avatar asked Aug 05 '19 11:08

Ankit S.


2 Answers

most common cause of this error is out of sync date/time, check what is your machine's local time and use commands like ntp or chrony to sync your time.

If you are having this problem in a docker container, the container would be using your host time. However, putting the computer in hibernate mode would make the time lock up. the only solution is to restart the whole computer.

like image 119
Farzad Khalafi Avatar answered Nov 09 '22 05:11

Farzad Khalafi


I do not know if I will answer you, but I will try to enlighten you:

it is a secure connection failure: default_cert_file is defined when you generate the certificate

error:1416F086:SSL is an error like the server rejected your certificate because it is revoked, nonexistent or incorrect the same error can occur in a browser with Error code: SSL_ERROR_REVOKED_CERT_ALERT or SSL_ERROR_HANDSHAKE_FAILURE_ALER when the security certificate is not or no longer valid

when you generate a root certificate this can depend on a configuration file in which is specified several information, notably the path:

[CA_default] dir = ./certificats # Where everything is kept

openssl etc ...

I think what you're looking for is akin

SSL context options SSL context options — SSL context option listing

cafile string

Location of Certificate Authority file on local filesystem which should be used with the verify_peer context option to authenticate the identity of the remote peer.

capath string

If cafile is not specified or if the certificate is not found there, the directory pointed to by capath is searched for a suitable certificate. capath must be a correctly hashed certificate directory.
like image 25
ozome Avatar answered Nov 09 '22 04:11

ozome