Fix it the right way! – SSL Error: unable to get local issuer certificate

If you use cURL on your private machine or server you may experience some problems connecting to websites using https or redirecting you to a https version of the website. One example for this problem is the Facebook Graph API. XAMPP as an example doesn’t ship with any certificates so you have to fix this problem by yourself.

Now, many users just set

CURLOPT_SSL_VERIFYPEER

to false. However, this is not the correct way to do it, because it disables the certificate validation by it’s certificate authority. This exposes you to a man-in-the-middle attack.

Fixing this problem the right way is fairly easy. On the official cURL-site you can download up-to-date cerficate authorities here. I for one put the file into the same directory as my php.ini. If you have no idea where your php.ini is, then simply run the following command on the command line

PATH-TO-PHP-BINARY --ini

For MAC OS X and XAMPP it would be

/Applications/XAMPP/xamppfiles/bin/php --ini

Now, with the help of the output, you can see where your php.ini is located. The output can look like this.

Configuration File (php.ini) Path: /Applications/XAMPP/xamppfiles/etc
Loaded Configuration File:         /Applications/XAMPP/xamppfiles/etc/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed:      (none)

From this output I can see that the php.ini would be located under

/Applications/XAMPP/xamppfiles/etc/

In this foler, I will now save the downloaded certificates and afterwards open the php.ini with my favorite text editor. Scroll down to the end of the file and add this line

curl.cainfo=<path-to>cacert.pem
#In my case: /curl.cainfo=/Applications/XAMPP/xamppfiles/etc/cacert.pem

Hope it’s easy to understand and you fixed this problem now. Happy coding!

 

It's only fair to share...Share on FacebookTweet about this on TwitterShare on RedditEmail this to someoneShare on Tumblr

15 thoughts on “Fix it the right way! – SSL Error: unable to get local issuer certificate

  1. Thanks! my pem file was in another location, but found it with the help of your post..

    The line in my php.ini was:
    curl.cainfo=“C:\Users\username\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem“

  2. Good Morning,

    followed every step of this guide, but still getting a curl error.

    I’ve setted up the path in this way:

    curl.cainfo=“C:\xampp\php\cacert.pem“

    and even in this other way:

    curl.cainfo = C:\xampp\php\cacert.pem

    but still getting the ssl problem.

    Using xampp, with last php version, on a windows 7

    1. Hey. Does the file exist in that location? Could you navigate with your Explorer to that location and then look at the path you got?

Leave a Comment

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.