The message “SSL certificate problem: unable to get local issuer certificate” shows up when trying to connect to Magento Connect or when, generally, you try to use cURL to connect to a remote web site.
This error happens because cURL cannot find a cacert.pem file from which take the trusted signatures.
There are some ways to set this file in cURL:
- Pass the
cacert.pemfile path directly tocURLwhen making the call; - Set the path to the
cacert.pemfile in thephp.ini.
Other options are to set the environment variable CURL_CA_BUNDLE or to put the cacert.pem file in a defined directory on your filesystem depending on your OS.
But, as we are working with digital certificates with PHP cURL, lets use PHP! :)
Pass the cacert.pem file path directly to cURL when making the call
To do this, simply pass the cacert.pem file path as parameter to pass to stream_context_create() function:
$contextOptions = [
'ssl' = [
'verify_peer' = true,
'verify_peer_name' = true,
'allow_self_signed' = false,
'cafile' = 'path/to/you/cacert.pem',
'ciphers' = 'HIGH',
'disable_compression' = true,
'capture_peer_cert' = true,
'capture_peer_cert_chain' = true,
'capture_session_meta' = true,
]
];
$context = stream_context_create($contextOptions);
How to set the path to the cacert.pem file path in the php.ini
The other more robust solution is to set the cacert.pem file path directly in the php.ini.
To do this, find the line curl.cainfo:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
;curl.cainfo =
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=
; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=
To make cURL work with digital certificates is sufficient to simply set the curl.cainfo parameter:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /usr/local/etc/openssl/certs/cacert.pem
Save the php.ini file and restart Apache. Try again and all should work well.
Magento: SSL certificate problem: unable to get local issuer certificate
Obviously, to solve the “SSL certificate problem: unable to get local issuer certificate” error in Magento when trying to connect to MagentoConnect the option we should choose is the second: set the cacert.pem file path directly in the php.ini.
Where to download a cacert.pem file
There isn’t an official cacert.pem, so we have to use the most accredited one, that is the one compiled by Mozilla and that can be downoaded from http://curl.haxx.se/ca/cacert.pem
If you like, here you’ll find other useful php.ini settings for local web development.
Remember to “Make. Ideas. Happen.”.
I wish you flocking users, see you soon!
L'articolo Magento 2: SSL certificate problem: unable to get local issuer certificate (cURL problem) proviene da ÐΞV Experiences by Serendipity HQ.
Top comments (0)