Sometimes, when we make a curl call to third party services, we get an error curl: (60) SSL certificate : unable to get local issuer certificate. Show This error occurs because the curl verifies and makes a secure connection request using self-signed certificate. When it does not find the valid certificate, it throws an error. To fix this error, follow the steps below:
Error “curl: (60) SSL certificate problem: unable to get local issuer certificate” can be seen when the SSL certificate on the server is not verified or properly configured. In order to fix this please follow the steps below:
IssueI'm trying to get composer to work on a remote Windows-machine which is using a proxy, but I always get this error when doing a composer install/update:
This is my composer.bat: @echo OFF :: in case DelayedExpansion is on and a path contains ! setlocal DISABLEDELAYEDEXPANSION set HTTP_PROXY=<proxyurl> php "%~dp0composer.phar" %*Obviously setting the proxy is needed, if I delete the line, the error becomes this:
composer diag gives me this (with the proxy set): Checking composer.json: OK Checking platform settings: OK Checking git settings: OK Checking http connectivity to packagist: OK Checking https connectivity to packagist: OK Checking HTTP proxy: OK Checking github.com rate limit: OK Checking disk free space: OK Checking pubkeys: Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642 Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952 OK Checking composer version: OK Composer version: 2.0.9 PHP version: 7.4.7 PHP binary path: C:\Program Files\PHP\current\php.exe OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020 cURL version: 7.69.1 libz 1.2.11 ssl OpenSSL/1.1.1g zip: extension present, unzip not availableI've been through a lot of posts and tutorials, but none of the answers work for me. (Some are just about curl and it's options to switch off the cert-check but that doesn't work for composer). Here's what I have tried:
All of this did not work, the error remains the same. Then I found a post which set a repository in composer.json and explicitely set the certfile for that repo, so I also tried it and added this to my composer.json: { "repositories": [{ "type": "composer", "url": "https://flex.symfony.com", "options" : { "ssl" : { "cafile" : "cacert.pem" } } }] }The file "cacert.pem" is in the same directory as my composer.json, now the error is this:
which is not that surprising, as trying to access "https://flex.symfony.com/packages.json" via a browser also gives me a 404. (Don't know if it makes a difference that all at a sudden "packages.json" couldn't be loaded while the cert-error complained about "versions.json", have no idea which is loaded first and if this error is a "good" sign.) This trial-and-error journey has been going on for days, I'm out of ideas, so any help is appreciated! SolutionFurther research led me to the proxy, which is ZScaler, being the problem. As stated in this post, ZScaler intercepts SSL traffic and re-encrypts it with its own certificate which is not trusted, so Composer (or any other program accessing sites via https) will complain with the above error that it's "unable to get local issuer certificate". So the solution must be to get the "ZScaler Intermediate Root CA" to be trusted on the server. (Which I can't do myself due to company policy, but anyone looking for a solution to the above problem probably has another hint now what to do.) Answered By - Select0r How to fix cURL error 60 ssl certificate problem?Solution:. Save the cacert. pem file anywhere on your system. Example: Since you're modifying both php. ... . Open your php.ini file. If your php.ini file doesn't have the curl.cainfo line, just add it to the end of the file, then add the file path where you saved your cacert.pem file: ... . Restart your server.. How do I fix curl 60 ssl certificate problem certificate has expired?The only solution to this problem is to get your host to update the root certificate on your server. So, you need to contact your server host and ask them to insert a new cacert. pem file into their servers, and configure it within their php.
How do I fix unable to get local issuer certificate?When ssl certificate problem unable to get local issuer certificate error is caused by a self-signed certificate, the fix is to add the certificate to the trusted certificate store. Open the file ca-bundle. crt located in the directory above, then copy and paste the Git SSL certificate to the end of the file.
How install Cacert pem in php INI?2 Answers. Edit the /etc/ssl/certs/cacert. pem file, and add your new CA public key to the bottom.. Edit php. ini and add the line openssl. cafile=/etc/ssl/certs/cacert. pem to the top (or bottom).. Restart the webserver.. |