Configuring my cURL settings in my PHP.ini file

simplethemighty

New member
I'm currently trying to configure the curl.cainfo info for my php.ini file due to getting the URL error 60 message.

I have downloaded the cacert.pem file to the root www localhost folder for for wamp64 as this file has to be an absolute path. So the extract of my php.ini file looks as follows:
Code:
curl.cainfo = "C:\wamp64\www\cacert.pem"

Code:
openssl.cafile= "C:\wamp64\www\cacert.pem"

Code:
openssl.capath= "C:\wamp64\www\cacert.pem"

However, I'm still getting the same tedious Caught exception:
Could not send request to server. CURL error 60: SSL certificate problem: self signed certificate in certificate chain
message.

I have Windows 10 (64x) & PHP version 7.4.33 & Apache 2.4.54.2

Solutions I have attempted:

1. Restarted PC

2. Restarted WAMP

3. Looked at other threads on here.
 
The error you're encountering suggests that there is an issue with the SSL certificate being used by the server you're connecting to. The error message specifically mentions a self-signed certificate in the certificate chain.

To resolve this issue, you have a few options:

1. Use the CURLOPT_SSL_VERIFYPEER option: In your cURL request, you can set the CURLOPT_SSL_VERIFYPEER option to false to disable verification of the SSL certificate. However, this is not recommended in a production environment as it bypasses certificate validation and could expose you to security risks.

```php
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
```

2. Specify a trusted CA bundle: Instead of disabling SSL certificate verification, you can provide a trusted CA bundle to cURL. You can download the latest CA bundle from the cURL website (https://curl.se/ca/cacert.pem) and save it on your server. Then, update your `php.ini` file to point to the location of the CA bundle.

For example:
```ini
curl.cainfo = "C:/wamp64/cacert.pem"
```

Make sure to use forward slashes (/) in the path instead of backslashes (\).

3. Update OpenSSL certificates: Another option is to update the OpenSSL certificates on your server. You can download the latest CA certificates from the cURL website (https://curl.se/ca/cacert.pem) and replace the existing certificates on your server. This can help ensure that you have up-to-date and valid certificates.

After making any changes, restart your web server (Apache) for the changes to take effect. Additionally, ensure that the `curl.cainfo` directive is not commented out in your `php.ini` file.

It's worth noting that self-signed certificates are not trusted by default and are typically used for development or testing purposes. In a production environment, it's recommended to use a valid SSL certificate issued by a trusted certificate authority (CA) to ensure secure communication between your server and the client.
 
Back
Top