cURL 오류 60 : SSL 인증서 : 로컬 발급자 인증서를 가져올 수 없습니다

cURL 오류 60 : SSL 인증서 : 로컬 발급자 인증서를 가져올 수 없습니다

---

로컬 개발 환경에서 WAMP를 사용하고 신용 카드를 청구하려고하지만 오류 메시지가 나타납니다.

cURL 오류 60 : SSL 인증서 문제 : 로컬 발급자 인증서를 가져올 수 없습니다

Google에서 많은 것을 검색했으며 많은 사람들이 cacert.pem 이 파일을 다운로드 하고 어딘가에 넣고 php.ini에서 참조 할 것을 제안합니다 . 이것은 내 php.ini의 일부입니다.

curl.cainfo = "C:\Windows\cacert.pem"

그러나 서버를 여러 번 다시 시작하고 경로를 변경 한 후에도 동일한 오류 메시지가 나타납니다.

Apache Modules에서 WAMP를 사용하고 ssl_module을 활성화했습니다. 그리고 PGP 확장에서 php_curl을 활성화했습니다.

여전히 같은 오류 메시지입니다. 왜 그런 일이?

이제이 수정을 따르고 있습니다 : PHP CURL 오류 60 SSL 수정하는 방법

cURL 옵션에 다음 줄을 추가하는 것이 좋습니다.

curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);

내 cURL에 옵션을 어디에 추가합니까? CLI가 "curl_setopt"명령을 찾지 못해 명령 행을 통하지 않는 것 같습니다.

편집하다

이것은 내가 실행중인 코드입니다.

public function chargeStripe()
{
    $stripe = new Stripe;
    $stripe = Stripe::make(env('STRIPE_PUBLIC_KEY'));

    $charge = $stripe->charges()->create([
        'amount'   => 2900,
        'customer' => Input::get('stripeEmail'),
        'currency' => 'EUR',
    ]);

    dd($charge);

    // echo $charge[Input::get('stripeToken')];


    return Redirect::route('step1');
}

---

작업 솔루션 :

• 창에서 가정

XAMPP 서버

다른 환경과 유사-cacert.pem 다운로드 및 압축 풀기 (깨끗한 파일 형식 / 데이터)

https://curl.haxx.se/docs/caextract.html

• 여기에 넣어

C : \ xampp \ php \ extras \ ssl \ cacert.pem

• php.ini에서이 줄을이 섹션에 넣으십시오 ( "c : \ xampp \ php \ php.ini") :

;;;;;;;;;;;;;;;;;;;;
; php.ini Options  ;
;;;;;;;;;;;;;;;;;;;;

curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"

• 웹 서버 / 아파치를 다시 시작하십시오

문제 해결됨!

(출처 : https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate )

---

Guzzle과 함께 PHP 5.6을 사용하는 경우 Guzzle은 프로세스 ( ref )가 아니라 인증서에 대해 PHP 라이브러리 자동 감지를 사용하도록 전환했습니다 . PHP는 여기서 변경 사항을 설명합니다 .

PHP / Guzzle에서 인증서를 찾는 위치 찾기

PHP를 사용하여 찾고있는 곳을 덤프 할 수 있습니다 :

 var_dump(openssl_get_cert_locations());

인증서 번들 얻기

OS X 테스트의 경우 homebrew를 사용하여 openssl을 설치 brew install openssl한 다음 openssl.cafile=/usr/local/etc/openssl/cert.pemphp.ini 또는 Zend 서버 설정 (OpenSSL 아래)에서 사용할 수 있습니다.

curl 웹 사이트의 curl / Mozilla에서 인증서 번들을 사용할 수도 있습니다. https://curl.haxx.se/docs/caextract.html

인증서가 어디에 있는지 PHP에 알리기

번들이 있으면 PHP가 이미 찾고있는 곳에 배치하거나 (위에서 찾은) openssl.cafilephp.ini에서 업데이트하십시오 . (일반적으로, /etc/php.ini또는 /etc/php/7.0/cli/php.ini또는 /etc/php/php.ini유닉스.)

---

주의 Wamp / Wordpress / windows 사용자. 나는 몇 시간 동안이 문제를 겪었으며 올바른 질문조차도 나를 위해 그것을하지 않았다. 왜냐하면 질문이 WAMP에 대한 것이더라도 WAMP 사용자가 아닌 XAMPP에 대한 질문에 대답했기 때문에 잘못된 php.ini 파일을 편집했기 때문입니다.

여기 내가 한 일이 있습니다.

인증서 번들을 다운로드하십시오 .

안에 넣어 C:\wamp64\bin\php\your php version\extras\ssl

파일 mod_ssl.so이 내부에 있는지 확인하십시오C:\wamp64\bin\apache\apache(version)\modules

Apache 디렉토리 내부 mod_ssl에서 활성화httpd.confC:\wamp64\bin\apache\apache2.4.27\conf

사용 php_openssl.dll에서 php.ini. 내 문제는 두 개의 php.ini 파일이 있으며 두 파일 모두 에서이 작업을 수행해야한다는 것입니다. 첫 번째는 WAMP 작업 표시 줄 아이콘 안에 있습니다.

다른 하나는 C:\wamp64\bin\php\php(Version)

두 php.ini파일 의 위치를 찾고 줄을 찾아 다음 curl.cainfo =과 같은 경로를 지정하십시오

curl.cainfo = "C:\wamp64\bin\php\php(Version)\extras\ssl\cacert.pem"

이제 파일을 저장하고 서버를 다시 시작하십시오.

---

cartalyst / stripe에 의해 사용되는 Guzzle 은 다음을 수행하여 서버 인증서를 확인하기위한 적절한 인증서 아카이브를 찾습니다.

1. openssl.cafilephp.ini 파일에 설정되어 있는지 확인하십시오 .
2. curl.cainfophp.ini 파일에 설정되어 있는지 확인하십시오 .
3. /etc/pki/tls/certs/ca-bundle.crt존재 하는지 확인 (Red Hat, CentOS, Fedora; ca-certificates 패키지에서 제공)
4. /etc/ssl/certs/ca-certificates.crt존재 하는지 확인 (우분투, 데비안, ca 인증서 패키지에서 제공)
5. Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
6. Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
7. Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
8. Check if C:\windows\curl-ca-bundle.crt exists (Windows)

You will want to make sure that the values for the first two settings are properly defined by doing a simple test:

echo "openssl.cafile: ", ini_get('openssl.cafile'), "\n";
echo "curl.cainfo: ", ini_get('curl.cainfo'), "\n";

Alternatively, try to write the file into the locations indicated by #7 or #8.

---

If you're unable to change php.ini you could also point to the cacert.pem file from code like this:

$http = new GuzzleHttp\Client(['verify' => '/path/to/cacert.pem']);
$client = new Google_Client();
$client->setHttpClient($http);

---

What i did was use var_dump(openssl_get_cert_locations()); die; in any php script, which gave me the information about defaults that my local php was using:

array (size=8)
  'default_cert_file' => string 'c:/openssl-1.0.1c/ssl/cert.pem' (length=30)
  'default_cert_file_env' => string 'SSL_CERT_FILE' (length=13)
  'default_cert_dir' => string 'c:/openssl-1.0.1c/ssl/certs' (length=27)
  'default_cert_dir_env' => string 'SSL_CERT_DIR' (length=12)
  'default_private_dir' => string 'c:/openssl-1.0.1c/ssl/private' (length=29)
  'default_default_cert_area' => string 'c:/openssl-1.0.1c/ssl' (length=21)
  'ini_cafile' => string 'E:\xampp\php\extras\ssl\cacert.pem' (length=34)
  'ini_capath' => string '' (length=0)

As you can notice, i have set the ini_cafile or the ini option curl.cainfo. But in my case, curl would try to use the "default_cert_file" which did not exist.

I copied the file from https://curl.haxx.se/ca/cacert.pem into the location for "default_cert_file" (c:/openssl-1.0.1c/ssl/cert.pem) and i was able to get it to work.

This was the only solution for me.

---

I found a solution that worked for me. I downgraded from the latest guzzle to version ~4.0 and it worked.

In composer.json add "guzzlehttp/guzzle": "~4.0"

Hope it helps someone

---

I had this problem appear out-of-the-blue one day, when a Guzzle(5) script was attempting to connect to a host over SSL. Sure, I could disable the VERIFY option in Guzzle/Curl, but that's clearly not the correct way to go.

I tried everything listed here and in similar threads, then eventually went to terminal with openssl to test against the domain with which I was trying to connect:

openssl s_client -connect example.com:443 

... and received first few lines indicating:

CONNECTED(00000003)
depth=0 CN = example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = example.com
verify error:num=21:unable to verify the first certificate
verify return:1 

... while everything worked fine when trying other destinations (ie: google.com, etc)

This prompted me to contact the domain I had been trying to connect to, and indeed, they had a problem on THEIR END that had crept up. It was resolved and my script went back to working.

So... if you're pulling your hair out, give openssl a shot and see if there's anything up with the response from the location you are attempting to connect. Maybe the issue isn't so 'local' after all sometimes.

---

Have you tried..

curl_setopt($process, CURLOPT_SSL_VERIFYPEER, false);

If you are consuming a trusted source arguably you dont need to verify the SSL cert.

---

Be sure that you open the php.ini file directly by your Window Explorer. (in my case: C:\DevPrograms\wamp64\bin\php\php5.6.25).

Don't use the shortcut to php.ini in the Wamp/Xamp icon's menu in the System Tray. This shortcut doesn't work in this case.

Then edit that php.ini :

curl.cainfo ="C:/DevPrograms/wamp64/bin/php/cacert.pem" 

and

openssl.cafile="C:/DevPrograms/wamp64/bin/php/cacert.pem"

After saving php.ini you don't need to "Restart All Services" in Wamp icon or close/re-open CMD.

---

I just experienced this same problem with the Laravel 4 php framework which uses the guzzlehttp/guzzle composer package. For some reason, the SSL certificate for mailgun stopped validating suddenly and I got that same "error 60" message.

If, like me, you are on a shared hosting without access to php.ini, the other solutions are not possible. In any case, Guzzle has this client initializing code that would most likely nullify the php.ini effects:

// vendor/guzzlehttp/guzzle/src/Client.php
    $settings = [
        'allow_redirects' => true,
        'exceptions'      => true,
        'decode_content'  => true,
        'verify'          => __DIR__ . '/cacert.pem'
    ];

Here Guzzle forces usage of its own internal cacert.pem file, which is probably now out of date, instead of using the one provided by cURL's environment. Changing this line (on Linux at least) configures Guzzle to use cURL's default SSL verification logic and fixed my problem:

        'verify'          => true

You can also set this to false if you don't care about the security of your SSL connection, but that's not a good solution.

Since the files in vendor are not meant to be tampered with, a better solution would be to configure the Guzzle client on usage, but this was just too difficult to do in Laravel 4.

Hope this saves someone else a couple hours of debugging...

---

This might be an edge case, but in my case the problem was not the client conf (I already had curl.cainfo configured in php.ini), but rather the remote server not being configured properly:

It did not send any intermediate certs in the chain. There was no error browsing the site using Chrome, but with PHP I got following error.

cURL error 60

After including the Intermediate Certs in the remote webserver configuration it worked.

You can use this site to check the SSL configuration of your server:

https://whatsmychaincert.com/

---

I spent too much time to figure out this problem for me.

I had PHP version 5.5 and I needed to upgrade to 5.6.

In versions < 5.6 Guzzle will use it's own cacert.pem file, but in higher versions of PHP it will use system's cacert.pem file.

I also downloaded file from here https://curl.haxx.se/docs/caextract.html and set it in php.ini.

Answer found in Guzzles StreamHandler.php file https://github.com/guzzle/guzzle/blob/0773d442aa96baf19d7195f14ba6e9c2da11f8ed/src/Handler/StreamHandler.php#L437

        // PHP 5.6 or greater will find the system cert by default. When
        // < 5.6, use the Guzzle bundled cacert.

---

All of the answers are correct ; but the most important thing is You have to find the right php.ini file. check this command in cmd " php --ini " is not the right answer for finding the right php.ini file.

if you edit

curl.cainfo ="PATH/cacert.pem"

and check

var_dump(openssl_get_cert_locations()); 

then curl.cainfo should have a value. if not then that's not right php.ini file;

*I recommend you to search *.ini in wamp/bin or xxamp/bin or any server you use and change them one by one and check it. *

---

when I run 'var_dump(php_ini_loaded_file());' I get this output on my page 'C:\Development\bin\apache\apache2.4.33\bin\php.ini' (length=50)'

and to get php to load my cert file I had to edit the php.ini in this path 'C:\Development\bin\apache\apache2.4.33\bin\php.ini' and add openssl.cafile="C:/Development/bin/php/php7.2.4/extras/ssl/cacert.pem" where I had downloaded and place my cert file from https://curl.haxx.se/docs/caextract.html

am on windows 10, using drupal 8, wamp and php7.2.4

---

As you are using Windows, I think your path separator is '\' (and '/' on Linux). Try using the constant DIRECTORY_SEPARATOR. Your code will be more portable.

Try:

curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . DIRECTORY_SEPARATOR . 'cacert.pem');

EDIT: and write the full path. I had some issues with relative paths (perhaps curl is executed from another base directory?)

---

if you use WAMP you should also add the certificate line in php.ini for Apache (besides the default php.ini file):

[curl]
curl.cainfo = C:\your_location\cacert.pem

works for php5.3+

참고URL : https://stackoverflow.com/questions/29822686/curl-error-60-ssl-certificate-unable-to-get-local-issuer-certificate