AWS SSL security error : [curl] 60: SSL certificate prob...: unable to get local issuer certificate
Solution 1
As mentioned by Jeremy Lindblom in the comments, the solution for AWS SDK v2 is to set the ssl.certificate_authority option when instantiating the SDK:
    $aws = Aws\Common\Aws::factory(array(
        'region' => 'us-west-2',
        'ssl.certificate_authority' => '/path/to/updated/cacert.pem'
    ));
I'll add that this was changed in the AWS SDK v3, here is the new method:
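    use Aws\DynamoDb\DynamoDbClient;

    // 'verify' takes the path to the CA bundle used to validate the server certificate
    $client = new DynamoDbClient([
        'region' => 'us-west-2',
        'version' => 'latest',
        'http' => [
            'verify' => '/path/to/my/cert.pem'
        ]
    ]);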
http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#verify
Solution 2
For those using WampServer, open the php.ini file then scroll down to the bottom and add the following:
    curl.cainfo = "C:\wamp\bin\php\php7.2.3\cacert.pem"
Make sure you have the cacert.pem file in the folder of the current php version you are using. In my case, I have it in the php7.2.3 folder.
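An added example (not part of the original answers): a check that the CA bundle named in php.ini is actually usable before its path is handed to the SDK's verify option. The function names are hypothetical, the openssl extension is assumed to be loaded, and openssl.cafile is a related php.ini setting that the page itself does not mention.

```php
<?php
// Added example, not from the original answers. Function names are hypothetical.
// Assumes the openssl extension is loaded.

/** Count PEM certificate blocks in a bundle, how many parse, and how many are expired. */
function inspectCaBundle(string $pem): array
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $valid = $expired = 0;
    foreach ($m[0] as $block) {
        $info = @openssl_x509_parse($block);
        if ($info === false) {
            continue; // block is not a parseable X.509 certificate
        }
        $valid++;
        if ($info['validTo_time_t'] < time()) {
            $expired++;
        }
    }
    return ['found' => count($m[0]), 'valid' => $valid, 'expired' => $expired];
}

/** Return the first usable bundle path; throw rather than fall back to no verification. */
function resolveCaBundle(array $candidates): string
{
    foreach (array_filter($candidates) as $path) {
        if (is_file($path) && is_readable($path)
            && inspectCaBundle(file_get_contents($path))['valid'] > 0) {
            return $path;
        }
    }
    throw new RuntimeException(
        'No usable CA bundle. php.ini in use: ' . var_export(php_ini_loaded_file(), true)
    );
}

try {
    // curl.cainfo is the setting from the answer above; openssl.cafile is an added candidate.
    $bundle = resolveCaBundle([ini_get('curl.cainfo'), ini_get('openssl.cafile')]);
    echo "CA bundle OK: $bundle\n";
    print_r(inspectCaBundle(file_get_contents($bundle)));
    // $bundle is the value to pass as 'http' => ['verify' => $bundle] (SDK v3).
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Run it through the same SAPI that serves the application (web server or CLI), since each can load a different php.ini.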
Solution 3
I was getting the same error. If you want to use http, then you can use the solution below:
Error executing "PutObject" on "https://s3-ap-southeast-2.amazonaws.com/mybucketname/TestBanner1_e1d8d74e41"; AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
I have resolved it by using the http method. This is not secure; to use the secure way, enter curl.cainfo = "/path/to/file.cacert.pem" in the php.ini file:
Solution:
    'options' => [
        'scheme' => 'http',
    ],
Complete Example code:
    // ...
    's3bucket' => [
        'class' => \frostealth\yii2\aws\s3\Storage::className(),
        'region' => 'ap-southeast-2',
        'credentials' => [ // Aws\Credentials\CredentialsInterface|array|callable
            'key' => 'JGUTEHCDE.............OSHS',
            'secret' => 'SJEUC-----------jzy1-----rrT',
        ],
        'bucket' => 'yours3bucket',
        //'cdnHostname' => 'http://example.cloudfront.net',
        'defaultAcl' => \frostealth\yii2\aws\s3\Storage::ACL_PUBLIC_READ,
        'debug' => false, // bool|array
        'options' => [
            'scheme' => 'http',
        ],
    ],
    // ...
Solution 4
    $s3 = new S3Client([
        'version' => 'latest',
        'scheme' => 'http',
        'region' => $this->config->item('s3_region'),
        'credentials' => [
            'key' => $this->config->item('s3_access_key'),
            'secret' => $this->config->item('s3_secret_key')
        ],
    ]);
Set scheme to http if your protocol is HTTP.
Solution 5
I have a very simple solution to this problem. You can do this without any certificate file.
Go to Laravel root folder -> vendor -> guzzlehttp -> guzzle -> src
Open Client.php
Find the $defaults array, which looks like this:
    $defaults = [
        'allow_redirects' => RedirectMiddleware::$defaultSettings,
        'http_errors' => true,
        'decode_content' => true,
        'verify' => true,
        'cookies' => false
    ];
Now the main job is to change the value of the verify key:
    'verify' => false,
After this, it will not check the SSL certificate for cURL requests. This solution works for me. I found this solution after much research.
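An added example (not part of the original answers): a small audit that walks a client or framework configuration array and reports the TLS-weakening settings that appear on this page, namely a non-https scheme, verify set to false, and a CA bundle path that does not exist. The helper name auditTlsSettings() is hypothetical and the sample configurations are constructed to mirror the shapes used in the answers.

```php
<?php
// Added example, not from the original answers. auditTlsSettings() is a hypothetical helper.

/**
 * Walk a (possibly nested) client or framework config array and report the
 * TLS-weakening settings discussed on this page.
 */
function auditTlsSettings(array $config, string $path = ''): array
{
    $findings = [];
    foreach ($config as $key => $value) {
        $here = $path === '' ? (string) $key : "$path.$key";
        if ($key === 'scheme' && is_string($value) && strtolower($value) !== 'https') {
            $findings[] = "$here: requests go over plain HTTP";
        } elseif ($key === 'verify' || $key === 'ssl.certificate_authority') {
            if ($value === false) {
                $findings[] = "$here: certificate verification is disabled";
            } elseif (is_string($value) && $value !== 'system' && !file_exists($value)) {
                // 'system' is the SDK v2 keyword for the operating system's bundle, not a path
                $findings[] = "$here: CA bundle not found at $value";
            }
        } elseif (is_array($value)) {
            $findings = array_merge($findings, auditTlsSettings($value, $here));
        }
    }
    return $findings;
}

// Constructed sample configs that mirror the shapes shown in the answers.
$samples = [
    'v3 client, verification off' => [
        'region' => 'us-west-2', 'version' => 'latest', 'http' => ['verify' => false],
    ],
    'yii2 component, http scheme' => [
        's3bucket' => ['region' => 'ap-southeast-2', 'options' => ['scheme' => 'http']],
    ],
    'v3 client, CA bundle path' => [
        'region' => 'us-west-2', 'version' => 'latest',
        'http' => ['verify' => '/path/to/my/cert.pem'],
    ],
];

foreach ($samples as $name => $config) {
    $findings = auditTlsSettings($config);
    echo $name, ': ', $findings ? implode('; ', $findings) : 'no findings', "\n";
}
```

The audit only sees configuration arrays; a default changed inside vendor/ is not visible to it and shows up instead as a difference against a clean dependency install.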
user2818066
Updated on March 10, 2020
Comments
-
user2818066 about 4 years
I am trying to connect Amazon's S3 files from my (localhost) Windows 8 machine running AppServ 2.5.10 (which includes Apache 2.2.8, php 5.2.6, mysql 5.0.51b and phpMyAdmin 2.10.3) using Amazon SDK for php.
In order to be compatible with Amazon SDK's namespace feature, I replaced php with version 5.3.28 by downloading its zipped file and unzipped it.
My php code works fine to access S3 file in Amazon EC2 but it failed in my Windows local host.
However when I run the php script to read Amazon S3 bucket file in Windows local host machine, I got SSL error as following:
Fatal error: Uncaught exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: SSL certificate problem: unable to get local issuer certificate [url] https://images-st.s3.amazonaws.com/us/123977_sale_red_car.png' in C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php:342 Stack trace:
#0 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(283): Guzzle\Http\Curl\CurlMulti->isCurlException(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Curl\CurlHandle), Array)
#1 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(248): Guzzle\Http\Curl\CurlMulti->processResponse(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Curl\CurlHandle), Array)
#2 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(231): Guzzle\Http\Curl\CurlMulti->processMessages()
#3 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(215): Guzzle\Http\Curl\CurlMulti->executeHandles()
#4 C:\AppServ\www\ecity\ven in C:\AppServ\www\ecity\vendor\aws\aws-sdk-php\src\Aws\Common\Client\AbstractClient.php on line 288
I downloaded the certificate from http://curl.haxx.se/ca/cacert.pem and defined it in php.ini as follows:
    curl.cainfo = "C:\AppServ\cacert.pem"
but I still got the same error. It seems php doesn't honor the curl.cainfo defined in php.ini.
My php version is 5.3.28 according to localhost/phpinfo.php.
I also checked the cainfo parameter to be correct as C:\AppServ\cacert.pem using echo ini_get( "curl.cainfo" ) ; in the php script.
Php version higher than 5.3 shall support curl.cainfo in php.ini.
In Windows' command line, I check curl behavior and it seems to work fine.
    C:\Users\Jordan>curl https://s3-us-west-2.amazonaws.com/images-st/aaa.txt
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    ......
    C:\Users\Jordan>curl --cacert C:\AppServ\cacert.crt https://s3-us-west-2.amazonaws.com/images-st/aaa.txt
    This is aaa.txt file. Stored in Amazon S3 bucket.
Is it because I used Apache in Windows which doesn't match php 5.3.28 zip file I downloaded from http://windows.php.net/download/ VC9 x86 Thread Safe (2014-Jun-11 01:09:56) zip version.
In my apache's httpd-ssl.conf file, I have the following setting even I use from local host in Windows 8.
    <VirtualHost _default_:443>
    DocumentRoot "C:/AppServ/www"
    ServerName localhost:443
    ServerAdmin [email protected]
    ErrorLog "C:/AppServ/Apache2.2/logs/error.log"
    TransferLog "C:/AppServ/Apache2.2/logs/access.log"
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "C:/AppServ/Apache2.2/conf/mydomain.cert"
    SSLCertificateKeyFile "C:/AppServ/Apache2.2/conf/mydomain.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "C:/Apache2.2/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog "C:/AppServ/Apache2.2/logs/ssl_request.log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
Now I am wondering what is the problem and how to connect to Amazon S3 bucket files and RDS database without producing these curl cannot get local issuer certificate problems from my Windows 8 local host.
Any advice?
-
Admin over 7 years
Also you can set the verify to false, for the purpose of testing.
    $client = new DynamoDbClient([
        'region' => 'us-west-2',
        'version' => 'latest',
        'http' => [
            'verify' => false
        ]
    ]);
-
Edson Horacio Junior about 7 years
This works but just to mention it's the same as disabling SSL through verify = false.
-
Ramesh Chand about 7 years
Yes, if you want to use http then you can use it just for testing.
-
Riz over 5 years
If you cannot find it (as it was in my case), you can download it from curl.haxx.se/ca/cacert.pem