Curl error 60, SSL certificate issue: self signed certificate in certificate chain
Answers suggesting to disable CURLOPT_SSL_VERIFYPEER
should not be accepted. The question is "Why doesn't it work with cURL", and as correctly pointed out by Martijn Hols, it is dangerous.
The error is probably caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host’s SSL certificate.
You need to make sure that your installation of PHP has one of these files, and that it’s up to date (otherwise download one here: http://curl.haxx.se/docs/caextract.html).
Then set in php.ini:
curl.cainfo = <absolute_path_to> cacert.pem
If you are setting it at runtime, use (where $ch = curl_init();
):
curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");
curl (60) ssl certificate problem self signed certificate localhost at windows
It is because you localhost server’s SSL certificate is self-signed (signed by itself) and not signed by a well known Certified Authority (CA).
This makes curl (or any https requester, like a browser as Chrome) not able to guarantee that the certifícate is worth of thrust, because basically that certificate is saying: ‘trust me, i am who i say i am’, but in practice there is nothing backing that affirmation.
That is precisely the role of a external CA: validate that the identity of the signed certificate is truly from who claims to be (https://en.m.wikipedia.org/wiki/Certificate_authority)
You can bypass curl CA validation with the insecure -k flag (https://linux.die.net/man/1/curl), like this:
curl -X GET -H 'Authorization: Bearer ${Token}' -k https://localhost/student-sevice/list-of-student
Whatsoever, I would strongly recommend that you change your server certificate with one validated by a well known CA to avoid further problems.
See also, duplicated of: How to disable cURL SSL certificate verification
cURL error 60: SSL certificate problem: self signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
The quick solution for localhost is to turn off the certificate verification using options in guzzle of verify
as false.
A quick small example below
use GuzzleHttp\Client;
$client = new Client([
'base_uri' => 'http://exmaple.org'
]);
$client->request('GET', '/', ['verify' => false]);
If you are using Http-client provided by laravel you can add guzzle options like this,
$response = Http::withOptions([
'verify' => false,
])->get('http://example.org/');
NOTE:
Though even guzzle suggests to not using it, but if you are testing your own apis it can work.
Though you can simple add your certificates as per request just by providing path.
Mozilla provides a commonly used CA bundle which can be downloaded here (provided by the maintainer of cURL).
// Use a custom SSL certificate on disk.
$client->request('GET', '/', ['verify' => '/path/to/cacert.pem']);
Read more about certificates from https://curl.se/docs/sslcerts.html .
Read more about verify from guzzle docs verify
PHP cURL error: SSL certificate problem: self signed certificate
You should append the public key of your self signed certificate to the cacert.pem file. Then either of the solutions (setting curl.cainfo
in php.ini OR explicitly specifying the path to the cacert.pem file using CURLOPT_CAINFO
) proposed here should work just fine.
Make sure you respect the format of the cacert.pem file when adding your public key.
cURL error 60: SSL certificate: unable to get local issuer certificate
How to solve this problem:
download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
save it on your filesystem somewhere (for example, XAMPP users might use
C:\xampp\php\extras\ssl\cacert.pem
)in your php.ini, put this file location in the
[curl]
section (putting it in the[openssl]
section is also a good idea):
[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"
- restart your webserver (e.g. Apache) and PHP FPM server if applicable
(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)
Related Topics
Tracking the Script Execution Time in PHP
What Are the Differences in Die() and Exit() in PHP
Explode PHP String by New Line
Diagnosing Memory Leaks - Allowed Memory Size of # Bytes Exhausted
Keeping Session Alive With Curl and PHP
Increasing Nesting Function Calls Limit
Find a Matching or Closest Value in an Array
How to Find the Mime Type of a File With PHP
PHP Regex to Match Outside of HTML Tags
Convert Backslash-Delimited String into an Associative Array
Insert/Update Helper Function Using Pdo
PHP Mail Not Working For Some Reason
What's the Difference Between :: (Double Colon) and -≫ (Arrow) in PHP
I Have an Array of Integers, How to Use Each One in a MySQL Query (In PHP)