SSL certificate error unable to get local issuer certificate

Question

This error is only present on my webserver online. I am using a updated cacert.pem and referencing it in my php.ini file in my localhost server.

My question is how this could be done on a typical web server? (by how I mean referencing the cacert.pem via the php.ini )

Alternatively is there a way I can define it within my function or Mailchimps API function that i am using which was installed via composer ?

My current function:

bootstrap.php
require_once __DIR__ . '\..\..\lib\Cake\Network\Http\HttpSocket.php';

Controller:

//////////////////////////MAILCHIMP///////////////////////
                $Socket = new HttpSocket(array('ssl_cafile' => CAKE . 'Config' . DS . 'cacert.pem',         ));
                $api_key = "xxxxxxxxxxxxxxxxxxxxxxxx";
                $list_id = "xxxxxxxxx";

                $merge_vars = array('FNAME'=>$this->request->data['Subscriber']['first_name'], 'LNAME'=>$this->request->data['Subscriber']['last_name']);

                $Mailchimp = new Mailchimp( $api_key );
                $Mailchimp_Lists = new Mailchimp_Lists( $Mailchimp );
                $subscriber = $Mailchimp_Lists->subscribe($list_id, array('email' => $this->request->data['Subscriber']['email']), $merge_vars);
/////////////////////////////////////////////////////////////

Answer 1

Please note this is only valid for PHP >= 5.6.0 and will work automagically

You can use ini_set('openssl.cafile', '/path/to/cacert'); ( http://php.net/manual/en/context.ssl.php#context.ssl.cafile ) inside your code if you don't have access to modify the php.ini file on the server (You can read more here: https://wiki.php.net/rfc/tls-peer-verification ).

If you need to check the currently set location of your cafile you can use openssl_get_cert_locations .

If you are using PHP < 5.6.0

You may need to extend the Mailchimp class:

class MailchimpWithTLS extends Mailchimp {
    public function __construct($apikey=null, $opts=array()) {
        // Build the Mailchimp object normally
        parent::__construct($apikey=null, $opts);

        // Set the peer verification cURL fields
        curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($this->ch, CURLOPT_CAINFO, $opts['cafile']);
    }
}

And initialize it by passing the cafile location to the constructor as an option:

$Mailchimp = new MailchimpWithTLS( $api_key , array('cafile' => CAKE . 'Config' . DS . 'cacert.pem'));

Answer 2

After speaking to some friends i found out that my web server host runs cPanel which has a simple SSL certificate installer.

I cant comment on the other answer provided by Rasclatt as i didnt try it. However it sounds very comprehensive.

For those who have this issue - check if your hoster is running cPanel software - and its as simple as a few clicks.