CURL：SSL证书失败，请验证CA证书是否正常

Question

I am running a local XAMPP server on a windows machine.

From this server I am trying to connect to an SSL encrypted page via CURL.

I did run into the following error:

SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I realize that I could simply disable SSL verification by using...

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

..but I really don´t want to do this, that´s the point of using SSL.

I´ve seen several answers here that point to to set the CURL Option "CURLOPT_CAINFO" to a .pem file that can be acquired here: http://curl.haxx.se/ca/cacert.pem

curl_setopt($ch, CURLOPT_CAINFO, 'C:\xampp\cacert.pem' );

I did put the file in the given folder, and run the above command before running curl_exec. But I still get the same error as before.

I also tried to download the certificate from the site that I am trying to connect with, but the error message is still the same.

PHP can access the .pem file, with file_get_contents for example, so it does not appear to be a file access / permission problem.

What could be the cause for this problem to persist?

I am running:

• PHP Version: 5.2.9
• cURL Information: libcurl/7.16.0 OpenSSL/0.9.8i zlib/1.2.3

Answer 1

Tardy response but I had same problem and the way I fixed it was to upgrade to php 5.3. I have seen nothing that explicit that says "5.2 does not do proper certificate validation" but you have everything right by using CURLOPT_CAINFO. Upgrade to 5.3 and it will work.