CurlException: [curl] 51: SSL: certificate verification failed

php symfony curl ssl

15,848

Solution 1

Someone already asked a similar question, please look here: HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK

also, there is an article here: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

Solution 2

Look at the certificate chain for whatever domain is giving you this error. For me it was googleapis.com

openssl s_client -host www.googleapis.com -port 443

You'll get back something like this:

CONNECTED(00000005)
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googleapis.com
   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign

Note: I captured this after I fixed the issue. Also, your chain output will look different.

Then you need to look at the certificates allowed in php running under apache. Run phpinfo() in a page.

<?php echo phpinfo();

Then look for the certificate file that's loaded from the page output by searching the page for openssl.cafile:

openssl.cafile openssl.cafile /usr/local/php5/ssl/certs/cacert.pem

This is the file you'll need to fix by adding the correct certificate(s) to it.

sudo nano /usr/local/php5/ssl/certs/cacert.pem

You basically need to append the correct certificate "signatures" to the end of this file.

You can find some of them here:

They look like this:

(Note: This is an image so people will not simply copy/paste certificates from stackoverflow)

If you need to convert a .crt to pem, you'll need to do something like this:

openssl x509 -inform DER -outform PEM -in GIAG2.crt -out GIA2.pem

Once the right certificates are in this file, restart apache and test.

Solution 3

Fix for this problem is to unset the value for SSL_CERT_FILE

Run the command :

export SSL_CERT_FILE=""

And then try performing the desired actions and it will work properly.

Reference : Curl 'certificate verification failed' on mac

15,848

Author by

marco.santonocito

Updated on July 26, 2022

Comments

marco.santonocito almost 2 years
Can't figure out what could be:

In my local environment, after I updated my OSX to the last version of Yosemite, I get this error:
```
CurlException: [curl] 51: SSL: certificate verification failed (result: 5) [url] 
```
I'm using Symfony2 so it is related to PHP. I tried to reinstall openssl but nothing happen.

Any suggestion?
marco.santonocito over 9 years

I already tried these solutions but are not working. However for this moment I found a little trick (see the answer below).