PHP CURL error: SSL certificate problem: unable to get local issuer certificate

248

I have looked at every solution listed on STACKOVERFLOW. Nothing resolves this issue. The issue I am having is only when I attach a port, in this example 5443, to the cURL PHP code. If I do a CLI without the port it works. In Code, if I do just a straight URL https://HOSTNAME/api/test without assigning a port, it works. Either way I can see the GET come in. This is all about certification verification. The port is open on the server.

I have a GoDaddy G2 certificate. I have a newly built server with a CA-bundle and I have tried using the root certificate, the certificate bundle from

"https://curl.haxx.se/docs/caextract.html"

and every other combination. I always get the same error when I add in the port number:

"SSL certificate problem: unable to get local issuer certificate"

$url = "https://HOSTNAME/api/test";
$curl = curl_init();

if ($curl === false)
{
echo "Failure";

} else
{

curl_setopt($curl, CURLOPT_PORT, 5443);
curl_setopt($curl, CURLOPT_HTTPGET, true);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($curl, CURLOPT_TIMEOUT, 60);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);


// Turn on SSL certificate verification
curl_setopt($curl, CURLOPT_CAPATH, "/fully_resolved_path/");

// and tried this way too

curl_setopt($curl, CURLOPT_CAPATH, "/fully_resolved_path");

// tried this

curl_setopt($curl,CURLOPT_CAINFO,"/fully_resolved_path/cacert.pem"); 

// This is actually the default setting, 1 no longer supported, and has no effect on the final result in this case.

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);

// fails when this is TRUE! Performs no checking when FALSE

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);


    $result = curl_exec($curl);

   if ($result === false)
    {
       echo curl_error($curl);

    } else

    {
       echo $result; 
    }

    curl_close($curl);

}

Everything is set up and works as expected, returns a JSON object. Only when I add in the Port Number does it choke. The Common Name in the SSL Certificate Matches the HOSTNAME. As stated, it works until I add in a port number.

831

Answer

Solution:

I have looked at every solution listed on STACKOVERFLOW. Nothing resolves this issue.

Wow. But unfortunately this "information" is useless since it does not say anything of what you actually tried.

The issue I am having is only when I attach a port, in this example 5443, to the cURL PHP code. If I do a CLI without the port it works.

This because without port it will use port 443. Since you explicitly use port 5443 you connect to a different server with a different setup and which provides different certificates compared to the one on port 443. Just try to set the port explicitly to 443 and you'll see that it works.

It is likely that the server on port 5443 is providing some self-signed certificate, some certificate issued by some unknown CA or is missing the necessary chain certificates (i.e. misconfigured). These are the causes usually associated with this kind of error and you should have seen this already and also seen the solutions since you "looked at every solution listed on STACKOVERFLOW". Only remember that to fix you need to look the server at port 5443 and not the default server at port 443.

People are also looking for solutions to the problem: php - Making a followers system

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.