Windows IIS with PHP: Curl (60) SSL Certificate Problem: Unable to get local issuer certificate

When you add PHP to an IIS installation on a Windows server and later enable SSL on it, everything may appear to work at first. But if you run curl scripts that access the server over https://, you may run into this error:

“Curl (60) SSL Certificate Problem: Unable to get local issuer certificate”

This happens because PHP is missing the CA certificate bundle from Mozilla, which it needs to have in its SSL directory. The fix:

1) Download “cacert.pem” from here: http://curl.haxx.se/docs/caextract.html (https://curl.haxx.se/ca/cacert.pem)
2) Save cacert.pem to the directory on the server where the PHP version you use resides:

3) Add this path into the php.ini you use:

4) Run “iisreset” on a command prompt with administrative privileges 🙂

5) Test and you’re done!
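
For the test in step 5, a small diagnostic script can show which php.ini and CA bundle PHP actually loaded before making one request with certificate verification left on. This is an added example, not part of the original post; `TEST_URL` is a placeholder and the function names `inspect_ca_bundle` and `verified_request` are made up for this example.

```php
<?php
// Added diagnostic example (not from the original post).
// Reports which php.ini and CA bundle this PHP instance uses, then makes
// one HTTPS request with certificate verification left ON.

// Placeholder (assumption): replace with the https:// URL your scripts call.
const TEST_URL = 'https://www.example.com/';

/** Inspect the CA bundle configured through the curl.cainfo ini setting. */
function inspect_ca_bundle(): array
{
    $path = (string) ini_get('curl.cainfo');
    $report = [
        'php_ini'     => php_ini_loaded_file() ?: '(none loaded)',
        'curl_cainfo' => $path === '' ? '(not set)' : $path,
        'readable'    => $path !== '' && is_readable($path),
        'cert_count'  => 0,
    ];
    if ($report['readable']) {
        // Each CA in cacert.pem is stored as one PEM block.
        $report['cert_count'] = (int) preg_match_all(
            '/-----BEGIN CERTIFICATE-----/',
            (string) file_get_contents($path)
        );
    }
    return $report;
}

/** Request $url with peer and host verification enabled; return curl's verdict. */
function verified_request(string $url): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true, // headers only: enough to test the handshake
        CURLOPT_SSL_VERIFYPEER => true, // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // verify the host name in the certificate
        CURLOPT_TIMEOUT        => 10,
    ]);
    curl_exec($ch);
    return ['errno' => curl_errno($ch), 'error' => curl_error($ch)];
}

foreach (inspect_ca_bundle() as $key => $value) {
    printf("%-12s %s\n", $key, var_export($value, true));
}
$r = verified_request(TEST_URL);
echo $r['errno'] === 0
    ? "TLS verification OK\n"
    : "cURL error {$r['errno']}: {$r['error']}\n";
```

Run it through the same PHP installation that IIS uses, because a server with several PHP versions has a php.ini for each and only the loaded one counts. A `curl_cainfo` of `(not set)` or a `readable` of `false` points to a wrong path or missing quotation marks in php.ini.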

 

44 Comments

  1. julius

    A million thanks you’s ! You saved me a huge headache ^_^

    Reply
    1. Martin (Post author)

      Glad to hear that, thanks 😉

      Reply
    2. Adam

      Thank you, thank you and thank you. Bless you.

      Reply
  2. Shahrokh Fallah

    Thanks a lot for your Generosity!!!

    Reply
    1. Martin (Post author)

      You’re welcome and thanks 🙂

      Reply
  3. binu

    Thanks a million

    Reply
    1. Martin (Post author)

      You’re welcome 😉

      Reply
  4. Steve

    You saved a PHP noob from an extended migraine!!! This is short, sweet and worked like a charm. Thank you for taking the time to publish this!

    Reply
    1. Martin (Post author)

      You’re welcome 😉 – I dealt with the same migraine 😀

      Reply
  5. Leandro Matilla

    It works for me!! THANKS <3

    Reply
    1. Martin (Post author)

      Thanks – good to hear 😉

      Reply
  6. William Oorschot

    don’t forget the " " in some situations

    curl.cainfo="C:\Program Files (x86)\PHP\v7.1\extras\ssl\cacert.pem"

    Reply
  7. Teson

    Big thanks! Finally a working TYPO3-installation on IIS.

    Reply
  8. Paul Gilpatrick

    This also worked for me, using the curl.cainfo="C:\Program Files (x86)\PHP\v7.1\extras\ssl\cacert.pem"

    line (with the apostrophes)

    Reply
  9. Your Admirer

    Thanks so much! It’s hard to find solutions for IIS since most of forums discuss linux-based webservers. This was very helpful!

    Reply
    1. Martin (Post author)

      Thanks for your feedback 🙂

      Reply
  10. Edgardo Sanabria

    Thanks a lot, you saved one life with this

    Reply
    1. Martin (Post author)

      Glad to hear 🙂

      Reply
  11. Matias

    This was a critical issue, and this post was a fresh oasis to me. A thousand thanks and bless you!

    Reply
    1. Martin (Post author)

      Thanks 🙂

      Reply
  12. Cyrille

    Hi
    First a Huge thanks it has saved me !

    But for a weird reason it works on my computer but not on my production server. The issue remains: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

    Maybe another idea?

    Reply
    1. Martin (Post author)

      Hmm…have you tried a reboot, have not seen this before, is the path correct? 😉

      Reply
  13. Mehran

    Thank you!

    Reply
  14. Claudio Martt

    Hi, it didn’t work for me

    GuzzleHttp\Exception\RequestException
    cURL error 60: SSL certificate problem:

    Reply
    1. Martin (Post author)

      Have you followed the guide and placed the cert. in the right path?

      Reply
  15. Maximilian Gehring

    Thanks for the solution!
    Remark: QUOTEMARKS in Windows path were required in php.ini

    Reply
    1. Martin (Post author)

      Thanks – and thanks for the hints 🙂

      Reply
  16. Marcos

    Hi Martin, I did exactly like you recommended expecting to solve another curl/ssl issue I had:

    “SSL peer certificate or SSH remote key was not OK”

    Any idea about how to solve it? Have you seen this one before? It’s an IIS 8 with a PHP installation.

    I downloaded the certificate you recommended and added it to that folder and specified that path. It is working because I added also a php file on my server to check my php environment and it states now that I have TLS 1.3 support which I did not have before adding this certificate.

    Thanks in advance.

    Reply
    1. Martin (Post author)

      Hi,
      Hmmm..

      Can you try this:
      https://www.mediawiki.org/wiki/Topic:W2fgz5rywc86hciu

      Regards Martin

      Reply
      1. Marcos

        Hi Martin. Thanks for your prompt response. Let me try those. I will let you know. This issue has been persistent for several days for me without finding the solution.

        Reply
        1. Martin (Post author)

          Keep my fingers crossed then 🙂

          Have a great weekend 🙂

          Reply
      2. Marcos

        Tried to export that certificate, added it to the path of the php.ini. Did not work.
        Checked the IIS Authentication and Anonymous Authentication is enabled. Did not work either.
        Not sure what else is missing on curl config or the certificate. The same code worked fine in another server with Linux. So the code works, the issue is some config in the server environment.
        Have a good weekend too.
        Thanks Martin.

        Reply
        1. Martin (Post author)

          Hmm… if you are not using a real certificate, try with the unsecure switch in curl:
          https://serverfault.com/questions/469824/curl-disable-certificate-verification

          https://curl.se/docs/sslcerts.html

          Tell libcurl to not verify the peer. With libcurl you disable this with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

          With the curl command line tool, you disable this with -k/--insecure.

          Reply
          1. Marcos

            Will try that path. Thanks Martin.
            Regards,
            Marcos.

          2. Martin (Post author)

            Great 🙂

  17. Mustafa

    you saved my day! thanks

    Reply
    1. Martin (Post author)

      Thanks 🙂

      Reply
  18. Rob

    Thanks! This helped me to get the mailchimp – PHP api working.

    Reply
    1. Martin (Post author)

      Thanks Rob – glad to hear 🙂

      Reply
  19. Abhishek

    This needs to go Viral. The best solution to this problem for IIS (Windows) users. Saved me a TON of headache.. I was trying to figure this out for 2 days…

    Reply
    1. Martin (Post author)

      ha ha thanks Abhishek:-)

      Reply
  20. M Vega

    I have just tried this and still get a curlError 60. I have also tried exporting our Root CA as Base-64 encoded X.509 (.CER), copying it to the relevant folder, and pointed the php.ini to it with the same result.
    We do have an Intermediate CA.
    The only thing we haven’t tried is a server reboot.

    Reply
    1. Martin (Post author)

      Confirm the folder is actually the correct PHP version. Do you have multiple PHP versions installed?
      “If anything fails – reboot” 🙂

      Regards Martin

      Reply
  21. Leon

    Bro, you are the best! thanks!!

    Reply
