Windows IIS with PHP: Curl (60) SSL Certificate Problem: Unable to get local issuer certificate

When adding PHP to your IIS installation on a Windows server, and you afterwards add SSL to it, everything may work at first hand, but if you need to run some curl scripts, that accesses the server with https://, you may run into this error:

“Curl (60) SSL Certificate Problem: Unable to get local issuer certificate”

This is due to the missing CA Cert from Mozilla, that PHP needs to have in it’s SSL directory, so the fix:

1) Download “cacert.pem” from here: http://curl.haxx.se/docs/caextract.html (https://curl.haxx.se/ca/cacert.pem)
2) Save the cacert.pem to the directory on the server, where the PHP version you use, resides:

3) Add this path into the php.ini you use:

4) Run “iisreset” on a command prompt with administrative privileges 🙂

5) Test and you’re done!

 

40 Comments

  1. julius

    A million thanks you’s ! You saved me a huge headache ^_^

    Reply
    1. Martin (Post author)

      Glad to hear that, thanks 😉

      Reply
  2. Shahrokh Fallah

    Thanks a lot for your Generosity!!!

    Reply
    1. Martin (Post author)

      You’re welcome and thanks 🙂

      Reply
  3. binu

    Thanks a million

    Reply
    1. Martin (Post author)

      You’re welcome 😉

      Reply
  4. Steve

    You saved a PHP noob from an extended migraine!!! This is short, sweet and worked like a charm. Thank you for taking the time to publish this!

    Reply
    1. Martin (Post author)

      You’re welcome 😉 – I dealed with the same migraine 😀

      Reply
  5. Leandro Matilla

    It works for me!! THANKS <3

    Reply
    1. Martin (Post author)

      Thanks – good to hear 😉

      Reply
  6. William Oorschot

    don’t forget the ” ” is some situations

    curl.cainfo=”C:\Program Files (x86)\PHP\v7.1\extras\ssl\cacert.pem”

    Reply
  7. Teson

    Big thanks! Finally a working TYPO3-installation on IIS.

    Reply
  8. Paul Gilpatrick

    This also worked for me, using the curl.cainfo=”C:\Program Files (x86)\PHP\v7.1\extras\ssl\cacert.pem”

    line (with the apostrophes)

    Reply
  9. Your Admirer

    Thanks so much! It’s hard to find solutions for IIS since most of forums discuss linux-based webservers. This was very helpful!

    Reply
    1. Martin (Post author)

      Thanks for your feedback 🙂

      Reply
  10. Edgardo Sanabria

    Thanks a lot, you saved one life with this

    Reply
    1. Martin (Post author)

      Glad to hear 🙂

      Reply
  11. Matias

    This was a critical issue, and this post was an fresh oasis to me. Thousands thanks and bless you!

    Reply
    1. Martin (Post author)

      Thanks 🙂

      Reply
  12. Cyrille

    Hi
    First a Huge thanks it has saved me !

    But for a wierd reason it works on my computer but not on my production server. The issue remains : cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

    Maybe another idea?

    Reply
    1. Martin (Post author)

      Hmm…have you tried a reboot, have not seen this before, is the path correct? 😉

      Reply
  13. Mehran

    Thank you!

    Reply
  14. Claudio Martt

    ola pra mim nao funcionou

    GuzzleHttp\Exception\RequestException
    cURL error 60: SSL certificate problem:

    Reply
    1. Martin (Post author)

      Have you followed the guide and placed the cert. in the right path?

      Reply
  15. Maximilian Gehring

    Thanks for the solution!
    Remark: QUOTEMARKS in Windows path were required in php.ini

    Reply
    1. Martin (Post author)

      Thanks – and thanks for the hints 🙂

      Reply
  16. Marcos

    Hi Martin, I did exactly like you recommended expecting to solve another curl/ssl issue I had:

    “SSL peer certificate or SSH remote key was not OK”

    Any idea about how to solve it? Have you seen this one before? It’s an IIS 8 with a PHP installation.

    I downloaded the certificate you recommended and added it to that folder and specified that path. It is working because I added also a php file on my server to check my php environment and it states now that I have TLS 1.3 support which I did not have before adding this certificate.

    Thanks in advance.

    Reply
    1. Martin (Post author)

      Hi,
      Hmmm..

      Can you try this:
      https://www.mediawiki.org/wiki/Topic:W2fgz5rywc86hciu

      Regards Martin

      Reply
      1. Marcos

        Hi Martin. Thanks for your prompt response. Let me try those. I will let you know. This issue has been persistent for several days for me without finding the solution.

        Reply
        1. Martin (Post author)

          Keep my fingers crossed then 🙂

          Have a great weekend 🙂

          Reply
      2. Marcos

        Tried to export that certificate, added it to the path of the php.ini. Did not work.
        Checked the IIS Authentication and Anonymous Authentication is enabled. Did not work either.
        Not sure what else is missing on curl config or the certificate. the same code worked fine in another server with linux. So the code works, the issue is some config in the server environment.
        Have a good weekend too.
        Thanks Martin.

        Reply
        1. Martin (Post author)

          Hmm… if you are not using a real certificate, try with the unsecure switch in curl:
          https://serverfault.com/questions/469824/curl-disable-certificate-verification

          https://curl.se/docs/sslcerts.html

          Tell libcurl to not verify the peer. With libcurl you disable this with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

          With the curl command line tool, you disable this with -k/–insecure.

          Reply
          1. Marcos

            Will try that path. Thanks Martin.
            Regards,
            Marcos.

          2. Martin (Post author)

            Great 🙂

  17. Mustafa

    you saved my day! thanks

    Reply
    1. Martin (Post author)

      Thanks 🙂

      Reply
  18. Rob

    Thanks! This helped me to get the mailchimp – PHP api working.

    Reply
    1. Martin (Post author)

      Thanks Rob – glad to hear 🙂

      Reply
  19. Abhishek

    This needs to go Viral. The best solution to this problem for IIS (Windows) users. Saved me a TON of headache.. I was trying to figure this out for 2 days…

    Reply
    1. Martin (Post author)

      ha ha thanks Abhishek:-)

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close