Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP Problem with the SSL CA cert (path? access rights?)

Tags:

php

curl

I get this error:

"Problem with the SSL CA cert (path? access rights?)"

When doing:

$curl = curl_init('https://example.com' . ($method == 'GET' && $params ? '?' . $params : ''));  curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);  $response = curl_exec($curl);  print curl_error($curl) 

Works ok on another server.

The SSL is using NSS. PHP 5.3.6

like image 977
Adam Jimenez Avatar asked Aug 24 '11 16:08

Adam Jimenez


People also ask

How do I fix error curl 77?

To resolve this issue, run the curl command without the --cacert option as it is taking certificates from the /etc/pki/tls/certs/ca-bundle. crt path. Curl command is successful while used same path in --cacert option.

Where can I find Cacert PEM?

Download the cacert. pem file from http://curl.haxx.se/ca/cacert.pem. Save this file to C:\RailsInstaller\cacert.

What is update CA certificates?

update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates. crt, a concatenated single-file list of certificates.

Could not get response SSL error certificate has expired?

This error occurs when the site's SSL certificate expires. According to industry standards, SSL certificates cannot have a lifespan longer than 398 days. That means that every website needs to renew or replace its SSL certificate at least once every two years.


2 Answers

If you are getting "Problem with the SSL CA cert (path? access rights?)" it may very well mean that you have either deleted everything from /etc/pki/tls/certs/ or have set invalid permissions (CHMOD).

If you are using RHEL/CentOS, try yum reinstall openssl ca-certificates -y

like image 43
Gajus Avatar answered Oct 05 '22 15:10

Gajus


Had this happen to two servers which use the PayPal IPN, both at around the same time.

Fix was to restart Apache.

like image 76
chris Avatar answered Oct 05 '22 14:10

chris