Question
PHP cURL Fails to Establish Secure Connection with Custom CA Certificates
- Posted on May 27, 2023
- PHP
Asked by Josep Esposito
Hello everyone,
I am facing a challenging issue with a PHP application that involves cURL and SSL. The application is designed to connect to a remote server over HTTPS. This server employs a certificate issued by a custom internal Certificate Authority (CA) rather than a well-known public CA.
When I try accessing the server through a web browser after adding the custom CA certificate to the system trust store, it works fine. However, when I attempt to connect using my PHP script via cURL, I’m met with an SSL certificate problem.
Here is a snippet of the PHP code:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://my-secure-server.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/custom/ca_certificate.pem');
$response = curl_exec($ch);
if($response === false){
echo 'Error: ' . curl_error($ch);
}
curl_close($ch);
The error I keep getting is:
Error: SSL certificate problem: unable to get local issuer certificate
I’ve confirmed that the path to the CA certificate file is correct, the file is readable by the PHP process, and its format is correct (PEM encoded).
I’ve also attempted to use CURLOPT_CAPATH pointing to the directory of the certificate, but the result is the same. Additionally, I’ve checked that openssl.cafile and curl.cainfo are properly set in my php.ini file.
Could anyone offer some guidance on why my PHP application is not recognizing the SSL certificate even though it’s valid and trusted by the system? I’m using PHP 7.4, cURL 7.68, and OpenSSL 1.1.1.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Featured on Community
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hello,
Given what you’ve already tried, there’s a possibility that the issue lies within the chain of trust from your custom CA to the certificate on your secure server.
Having said that, before I suggest any solutions, I would like to note that you are using some older versions on your software.
My first suggestion would be to update your system to the latest possible especially if you are building a new application and give it another try. If it doesn’t work we can try exploring more troubleshooting options regarding your CA