I had a errors with Curl and SSL certificate

php ssl curl

20,669

Here is a working example. You should take a look a your options (reduce the number of option for test) and just set the CURLOPT_SSL_VERIFYPEER to false in order to disable the CA check.

// connect via SSL, but don't check cert
$handle=curl_init('https://www.google.com');
curl_setopt($handle, CURLOPT_VERBOSE, true);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
$content = curl_exec($handle);

echo $content; // show target page

check HERE

20,669

Author by

Alex Alexandrov

Updated on November 03, 2020

Comments

Alex Alexandrov over 3 years
I had a problem. When you send a POST request with the CURL library to HTTPS get the error: SSL certificate problem, verify that the CA cert is OK. Details: error: 14090086: SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed. using current certificate. I tried various certificates FROM http://www.startssl.com/certs/ and FROM http://curl.haxx.se/docs/caextract.html Tell me what could be the cause of the error? Here's the code POST request:
```
        curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
    curl_setopt($process, CURLOPT_COOKIEFILE, $this->cookie_file);
    curl_setopt($process, CURLOPT_COOKIEJAR, $this->cookie_file);
    curl_setopt($process, CURLOPT_ENCODING , '');
    curl_setopt($process, CURLOPT_CONNECTTIMEOUT, 120); 
    curl_setopt($process, CURLOPT_TIMEOUT, 120);
    curl_setopt($process, CURLOPT_PROXY,$this->proxy);
    curl_setopt($process, CURLOPT_POSTFIELDS, $data);
    curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($process, CURLOPT_POST, 1);
    curl_setopt($process,CURLOPT_VERBOSE,1);

    if($ssl){
        curl_setopt ($process, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt ($process, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($process ,CURLOPT_CAINFO, YiiBase::getPathOfAlias('webroot').'/files/GTECyberTrustGlobalRoot.crt');
    }
    curl_setopt ($process, CURLOPT_HTTPHEADER, array('Expect:'));
    $return = curl_exec($process);

    $this->error_code = curl_getinfo($process,  CURLINFO_HTTP_CODE);
```
- MatRt about 11 years
  
  did you try with a self-signed certificate ?
- MatRt about 11 years
  
  According to this article : unitstep.net/blog/2009/05/05/… you are doing too much action when SSL is enable. If you set the CURLOPT_SSL_VERIFYPEER to false, there is no need to set the CURLOPT_CAINFO and the CURLOPT_SSL_VERIFYHOST
- Alex Alexandrov about 11 years
  
  yes, went to the site through a browser, where I tried to send requests through the browser store the certificate and used it when making a request, the same result
- MatRt about 11 years
  
  Moreover, CURLOPT_SSL_VERIFYHOST seems to take an integer (0, 1, 2) and not a boolean.
- Alex Alexandrov about 11 years
  
  curl_setopt ($process, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt ($process, CURLOPT_SSL_VERIFYHOST, 2); still not working
- MatRt about 11 years
  
  CURLOPT_SSL_VERIFYPEER is taking a BOOLEAN and CURLOPT_SSL_VERIFYHOST is taking an INTEGER. when SSL, just try with curl_setopt ($process, CURLOPT_SSL_VERIFYPEER, false); (skip verification of certificate). And what is the purpose of curl_setopt ($process, CURLOPT_HTTPHEADER, array('Expect:')); ?
- Alex Alexandrov about 11 years
  
  I cut curl_setopt ($process, CURLOPT_HTTPHEADER, array('Expect:')); and with (CURLOPT_SSL_VERIFYPEER, false) still old error - " SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".
- MatRt about 11 years
  
  did you comment also the 2 other lines ? (about CURLOPT_SSL_VERIFYHOST and CURLOPT_CAINFO) ?
- Alex Alexandrov about 11 years
  
  Yesterday after work without problems, but today is the fault. curl_setopt ($process, CURLOPT_SSL_VERIFYPEER, false); curl_setopt ($process, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($process ,CURLOPT_CAINFO, YiiBase::getPathOfAlias('webroot').'/files/GTECyberTrustGlob‌alRoot.crt');
- MatRt about 11 years
  
  I made a response, and give a working example
- Bruno about 11 years
  
  If you're after security, do not disable verifypeer or verifyhost.
Alex Alexandrov about 11 years

thanks for your suggestions and advice, I'll admit negligence and because of this was a mistake.
Eric Kigathi almost 7 years

@Bruno I completely understand but in the interest of resolving the question please find/post the cURL feedback
jww about 6 years

Very bad advice; see The most dangerous code in the world: validating SSL certificates in non-browser software. Instead of disabling the certificate verification, you should explain how to make the connection work with GTECyberTrustGlobalRoot.crt as the OP is trying to do.