This is for Windows users, using curl-7.57.0-win64-mingw or similar version.
I have already shared this on another thread, but I think Windows users might stumble upon this question and my answer might help. So, sharing the step-by-step process.
This error basically means, curl is failing to verify the certificate of the target URI. If you trust the issuer of the certificate (CA), you can add that to the list of trusted certificates (e.g. It’s a local IIS certificate, and you trust it for your development purposes).
For that, browse the URI (e.g. on Chrome) and follow the steps
- Right click on the
HTTPSsecure padlock 🔒 icon on address bar - Click on
certificate, it’ll open a window with the certificate details - Go to ‘Certification Path’ tab
- Click the ROOT certificate
- Click
View Certificate, it’ll open another certificate window - Go to
Detailstab - Click
Copy to File...button, it’ll open the export wizard - Click
Next - Select ‘Base-64 encoded X.509 (.CER)’
- Click
Next - Give a friendly name that you can remember e.g. ‘MyDomainX.cer’ (browse to desired directory) and save
- Click
Next - Click
Finish, it’ll save the certificate file
So what did we do?
We basically saved the root certificate for the desired site (that we actually trust) as a local file. What do we do next?
Add that certificate to the list of trusted certificates
- Now open this
.cerfile and copy the contents (including-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----) - Now go to the directory where
curl.exeis saved e.g.C:\SomeFolder\curl-7.57.0-win64-mingw\bin - Open the
curl-ca-bundle.crtfile with a text editor (right click and open with…) - Append the copied certificate text to the end of the file. Save
What did we do now?
We added the certificate (content) to curl‘s main certificate bundle. So now curl will recognize this certificate and allow the domain.
Now your command should execute fine on curl.
In this article, we see how to fix the cURL error 60 SSL certificate problem. cURL error 60: SSL certificate problem: unable to get local issuer certificate error occurs when we try to call the API with the secure https:// protocol in the request URL.
cURL error 60 SSL certificate problem on localhost in xampp and localhost wamp server. Also, you can face a curl 60 SSL certificate problem on windows, In the laravel guzzle SSL certificate issue.
Why does cURL Error 60 SSL certificate Occur?
Your API call tries to run the request URL with only http:// protocol. You can’t see the error anymore because secure API calls require an SSL certificate or https:// protocol.
This error occurs because the API call makes a secure connection request using the self-signed certificate. When it does not find a valid certificate, it throws an error.
How To Fix cURL Error 60 SSL Certificate Problem?
-
Open http://curl.haxx.se/ca/cacert.pem or Download the “cacert.pem” free certificate file from the official website http://curl.haxx.se/docs/caextract.html
-
Save it as a “cacert.pem”.
-
Paste cacert.pem in WAMP user to C:\wamp64\bin\php\cacert.pem, for XAMPP user to C:\xampp\php\extras\ssl\cacert.pem path.
-
Open php.ini and find this line
;curl.cainfo
Enter fullscreen mode
Exit fullscreen mode
- Now, we need to add the path of the certificate to “curl.cainfo” and remove the semicolon(;) as follows.
curl.cainfo = "C:\wamp64\bin\php\cacert.pem"
Enter fullscreen mode
Exit fullscreen mode
- The most important step is to save and close your php.ini. Restart your WAMP or XAMPP server and try your request again. If you do not set the right path, then you will experience a cURL 77 error.
Windows IIS with PHP: Curl (60) SSL Certificate Problem: Unable to get local issuer certificate
23/03/2017
When adding PHP to your IIS installation on a Windows server, and you afterwards add SSL to it, everything may work at first hand, but if you need to run some curl scripts, that accesses the server with https://, you may run into this error:
“Curl (60) SSL Certificate Problem: Unable to get local issuer certificate”
This is due to the missing CA Cert from Mozilla, that PHP needs to have in it’s SSL directory, so the fix:
1) Download “cacert.pem” from here: http://curl.haxx.se/docs/caextract.html (https://curl.haxx.se/ca/cacert.pem)
2) Save the cacert.pem to the directory on the server, where the PHP version you use, resides:
3) Add this path into the php.ini you use:
4) Run “iisreset” on a command prompt with administrative privileges 🙂
5) Test and you’re done!
By continuing to use the site, you agree to the use of cookies. more information
If you are using PHP’s cURL functions to connect to an HTTPS URL, then you might come across the following error:
SSL certificate problem: unable to get local issuer certificate. (cURL error code 60)
This is a common error that occurs whenever you attempt to use cURL functions to connect to an HTTPS website.
In plain English, it means that you have not configured cURL to connect to SSL-enabled websites.
The quick fix.
If you do not care about security and are looking for a quick fix, then you can simply disable the following cURL options:
- CURLOPT_SSL_VERIFYHOST: This option tells cURL that it must verify the host name in the server cert.
- CURLOPT_SSL_VERIFYPEER: This option tells cURL to verify the authenticity of the SSL cert on the server.
Disabling these two options disables SSL verification.
To disable these two options, you can use the curl_setopt function like so:
//The URL we are connecting to.
$url = 'https://google.com';
//Initiate cURL.
$ch = curl_init($url);
//Disable CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER by
//setting them to false.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//Execute the request.
curl_exec($ch);
//Check for errors.
if(curl_errno($ch)){
throw new Exception(curl_error($ch));
}
The PHP code above essentially tells cURL that we don’t care if the server has a valid SSL cert or not. We want to connect to it anyway.
The problem with this method is that it is insecure and it leaves you open to man-in-the-middle attacks. Simply put, this means that an attacker could potentially intercept the data that you are sending in your cURL requests.
Using a cert with PHP’s cURL functions.
To use a certificate with PHP’s cURL functions, you can download the cacert.pem certificate bundle from the official cURL website.
Once you have downloaded the cacert.pem file, you should move it to whatever directory makes the most sense for you and your setup.
For example, on Windows, I moved my bundle to C:\wamp\cacert.pem
Then, you can simply tell cURL where your certificate bundle is located by using the curl_setopt function:
//Tell cURL where our certificate bundle is located. $certificate = "C:\wamp\cacert.pem"; curl_setopt($ch, CURLOPT_CAINFO, $certificate); curl_setopt($ch, CURLOPT_CAPATH, $certificate);
This allows us to make a secure request to the server and prevent any man-in-the-middle attacks.
Adding the cert to your php.ini file.
If you don’t like the thought of having to specify the location of the certificate bundle in your PHP code, then you can add its path information to your php.ini file like so:
curl.cainfo="C:\wamp\cacert.pem" openssl.cafile="C:\wamp\cacert.pem"
Once you add the above lines to your php.ini file, make sure that you reload the web server / PHP process so that the changes take effect.
Enabling mod_ssl and php_openssl.dll.
If you are using Apache and PHP on Windows, then you might need to enable both mod_ssl and php_openssl.dll.
To enable mod_ssl, you can add the following to your Apache configuration file:
LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so
The configuration line above presumes that a file called mod_ssl.so exists in a Linux directory called “/usr/lib/httpd/modules/”.
On Windows, this directory might be something like “C:\wamp\bin\apache\apache2.4.9\modules\“.
You will need to change this line to match your own Apache setup.
To enable php_openssl.dll, you will need to uncomment the following line in your php.ini file:
extension=php_openssl.dll
As always, you should test your configurations and then reload your server for any changes to take effect.
“cURL error 60: SSL certificate problem: unable to get local issuer certificate” is a common error that occurs when your website tries to communicate with an external API via HTTPS and the SSL certificate on the server is not verified or properly configured. Although this error can be seen on any server you are more likely to see this issue on a localhost environment running on wampp/xampp.
Contact your web host to make sure that the SSL certificate is properly configured on the server. As of PHP 5.6 if the certificate is not verified you will also get a warning notice on your website.
How to fix cURL error 60: SSL certificate problem: unable to get local issuer certificate on localhost
1. Download the cacert.pem file from the official cURL website here.
2. Go the directory where you have installed xampp and put it in the ssl folder. For example,
C:\xampp\php\extras\ssl\cacert.pem D:\program\xampp\php\extras\ssl\cacert.pem
3. Open your php.ini file and search for “curl.cainfo”.
4. Once you have found it, specify the path to the .pem file in the curl.cainfo section. For example,
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
The line could be commented out with a semicolon right before curl.cainfo. So make sure to uncomment it and replace ;curl.cainfo = with the line above.
5. Restart Apache so the new changes take effect on your localhost server.
That should fix the cURL error 60 issue on your web server. If you have any other suggestions for fixing this issue feel free to share it in the comments.