I'm running PHP Version 5.6 as part of XAMPP in MacOSx El Capitan and having error on few https
sites. eg: https://www.google.com/
file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
But no SSL error returned on these sites:
Please find the list first what i've tried so far but nothing works.
Tried Google first:
1. Updated cert.pem file
php -r 'print_r(openssl_get_cert_locations());'
and result was.
Array
(
[default_cert_file] => /Applications/XAMPP/xamppfiles/share/openssl/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /Applications/XAMPP/xamppfiles/share/openssl/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /Applications/XAMPP/xamppfiles/share/openssl/private
[default_default_cert_area] => /Applications/XAMPP/xamppfiles/share/openssl
[ini_cafile] => /Applications/XAMPP/xamppfiles/share/openssl/cert.pem
[ini_capath] =>
)
Saved this file cacert.pem in /Applications/XAMPP/xamppfiles/share/openssl/cert.pem
Updated php.ini
with following
openssl.cafile = /Applications/XAMPP/xamppfiles/share/openssl/cert.pem
curl.cainfo = /Applications/XAMPP/xamppfiles/share/openssl/cert.pem
Restarted Apache but no succes. Tried to read pem file (no error returned)
echo file_get_contents("/Applications/XAMPP/xamppfiles/share/openssl/cert.pem");
Test Case
It works fine on github.com
getcomposer.org
paypal.com
but not on google.com
(google.com works as well on my windows system)
php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'
Result: PayPal_Connection_OKbool(true)
But on google.com
php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://www.google.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'
Result: string(63) "SSL certificate problem: unable to get local issuer certificate"
PS: Disabling peer verification won't be acceptable.
In my case, making sure that the correct cert.pem file exists was not sufficient. You need to also set your time zone in your php.ini to your actual time zone using the date.timezone
key (in my case, I set it to America/Los Angeles). Otherwise, PHP will default to using UTC and your system clock will appear to be off. This solved the issue for me on Mac OS X El Capitan (10.11.2).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.