Backend Development
PHP Tutorial
How to fix PHP Curl HTTPS Certificate Authority issues on Windows
How to fix PHP Curl HTTPS Certificate Authority issues on Windows
Nov 11, 2024 pm 12:24 PM
A successful HTTPS request involves the HTTP client validating the server-provided TLS certificate against a list of known and trusted root certificates. The PHP Curl extension is not different; the Curl extension uses libcurl to make the HTTPS request, and libcurl, which in turn uses a TLS library such as OpenSSL to validate the request.
The Curl extension requires a valid file containing all of the trusted root certificates to complete the HTTPS validation, and PHP exposes this as a directive in the php.ini file.
On Linux, BSD, and macOS, libcurl can default to the system root certificates, but this is not possible on Windows because Windows does not come with a single file containing all of the system root certificates.
This article discusses two possible approaches to successfully make HTTPS requests on with the Curl extension, and what not to do that can leave HTTPS requests insecure.
Why it fails
$ch?=?curl_init('https://php.watch');??
curl_setopt($ch,?CURLOPT_RETURNTRANSFER,?true);??
curl_exec($ch);?//?false??
curl_error($ch);
//?SSL?certificate?problem:?unable?to?get?local?issuer?certificate
If the curl_exec calls fail with a false response, and if curl_error indicates an SSL certificate problem: unable to get local issuer certificate error, this means Curl was not provided a file containing root certificates, or it was unable to discover it.
This error is uncommon on Linux, BSD, and macOS systems, but quite common on Windows because there is no designated file to obtain the root certificates, and the PHP does not ship a root certificate list on its own.
The solution is to provide a file containing up to date root certificates, or ideally, let Curl parse the native root store that the underlying operating system provides.
Use Native Certificate Authorities
On Curl 7.71 and later, it is possible to set a Curl option to request Curl to use the native (system) root certificates. This works even on Windows, where Curl parses system root certificates and uses them.
When CURLOPT_SSL_OPTIONS option is set to CURLSSLOPT_NATIVE_CA or a bitmask containing those bits, Curl attempts to use the native root certificate store, subject to the capabilities and versions of the underlying TLS library.
This is the recommended fix, if the Curl extension is built with Curl 7.71 or later and PHP 8.2 and later.
?$ch?=?curl_init('https://php.watch');
??curl_setopt($ch,?CURLOPT_RETURNTRANSFER,?true);
???curl_setopt($ch,?CURLOPT_SSL_OPTIONS,?CURLSSLOPT_NATIVE_CA);
????curl_exec($ch);
Note the snippet above does not check the Curl version and the PHP version, and assumes both PHP and Curl version requirements are met. The following is an example showing conditionally adding the Curl option:
$ch?=?curl_init('https://php.watch');??
curl_setopt($ch,?CURLOPT_RETURNTRANSFER,?true);??
if?(defined('CURLSSLOPT_NATIVE_CA')??
??&&?version_compare(curl_version()['version'],?'7.71',?'>='))?{??
????curl_setopt($ch,?CURLOPT_SSL_OPTIONS,?CURLSSLOPT_NATIVE_CA);
}??
curl_exec($ch);
Download and maintain a cacert.pem file
For applications running on PHP versions older than 8.2 (where CURLSSLOPT_NATIVE_CA constant is unavailable), or when the Curl version is older than 7.71, the recommended alternative solution is to download a Curl-compatible root certificate file, and configure PHP or the Curl request to use it.
The Curl project maintains an up to date list of certificates. See CA Certificates extracted from Mozilla.
Download the cacert.pem file
- Move the file to a directory accessible by PHP and the web server. For example, to C:/php/cacert.pem.
Edit the php.ini file and modify the curl.cainfo entry to point to the absolute path to the cacert.pem file.
$ch?=?curl_init('https://php.watch');?? curl_setopt($ch,?CURLOPT_RETURNTRANSFER,?true);?? curl_exec($ch);?//?false?? curl_error($ch); //?SSL?certificate?problem:?unable?to?get?local?issuer?certificateOptionally, restart the Web server (such as Apache) to reload the INI file.
The downside of this approach is that the cacert.pem file must be updated routinely. The cacert.pem file provided by Curl project, for example, is extracted from the root store maintained by Mozilla. On average, this list and the file get updated 4-5 times a year. To ensure compatibility with the latest root certificates list, make sure to update the local copy of this file regularly
If it is not possible to modify the INI file, specify the absolute path to the cacert.pem file within a Curl request as well:
?$ch?=?curl_init('https://php.watch');
??curl_setopt($ch,?CURLOPT_RETURNTRANSFER,?true);
???curl_setopt($ch,?CURLOPT_SSL_OPTIONS,?CURLSSLOPT_NATIVE_CA);
????curl_exec($ch);
On PHP 8.2 ?with Curl 7.77, it is possible to a string containing the cacert.pem contents with the CURLOPT_CAINFO_BLOB option.
The above is the detailed content of How to fix PHP Curl HTTPS Certificate Authority issues on Windows. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
A Simple Guide to PHP Setup
Jul 18, 2025 am 04:25 AM
The key to setting up PHP is to clarify the installation method, configure php.ini, connect to the web server and enable necessary extensions. 1. Install PHP: Use apt for Linux, Homebrew for Mac, and XAMPP recommended for Windows; 2. Configure php.ini: Adjust error reports, upload restrictions, etc. and restart the server; 3. Use web server: Apache uses mod_php, Nginx uses PHP-FPM; 4. Install commonly used extensions: such as mysqli, json, mbstring, etc. to support full functions.
Tips for Writing PHP Comments
Jul 18, 2025 am 04:51 AM
The key to writing PHP comments is to clarify the purpose and specifications. Comments should explain "why" rather than "what was done", avoiding redundancy or too simplicity. 1. Use a unified format, such as docblock (/*/) for class and method descriptions to improve readability and tool compatibility; 2. Emphasize the reasons behind the logic, such as why JS jumps need to be output manually; 3. Add an overview description before complex code, describe the process in steps, and help understand the overall idea; 4. Use TODO and FIXME rationally to mark to-do items and problems to facilitate subsequent tracking and collaboration. Good annotations can reduce communication costs and improve code maintenance efficiency.
Writing Effective PHP Comments
Jul 18, 2025 am 04:44 AM
Comments cannot be careless because they want to explain the reasons for the existence of the code rather than the functions, such as compatibility with old interfaces or third-party restrictions, otherwise people who read the code can only rely on guessing. The areas that must be commented include complex conditional judgments, special error handling logic, and temporary bypass restrictions. A more practical way to write comments is to select single-line comments or block comments based on the scene. Use document block comments to explain parameters and return values at the beginning of functions, classes, and files, and keep comments updated. For complex logic, you can add a line to the previous one to summarize the overall intention. At the same time, do not use comments to seal code, but use version control tools.
Improving Readability with Comments
Jul 18, 2025 am 04:46 AM
The key to writing good comments is to explain "why" rather than just "what was done" to improve the readability of the code. 1. Comments should explain logical reasons, such as considerations behind value selection or processing; 2. Use paragraph annotations for complex logic to summarize the overall idea of functions or algorithms; 3. Regularly maintain comments to ensure consistency with the code, avoid misleading, and delete outdated content if necessary; 4. Synchronously check comments when reviewing the code, and record public logic through documents to reduce the burden of code comments.
Learning PHP: A Beginner's Guide
Jul 18, 2025 am 04:54 AM
TolearnPHPeffectively,startbysettingupalocalserverenvironmentusingtoolslikeXAMPPandacodeeditorlikeVSCode.1)InstallXAMPPforApache,MySQL,andPHP.2)Useacodeeditorforsyntaxsupport.3)TestyoursetupwithasimplePHPfile.Next,learnPHPbasicsincludingvariables,ech
Effective PHP Commenting
Jul 18, 2025 am 04:33 AM
The key to writing PHP comments is clear, useful and concise. 1. Comments should explain the intention behind the code rather than just describing the code itself, such as explaining the logical purpose of complex conditional judgments; 2. Add comments to key scenarios such as magic values, old code compatibility, API interfaces, etc. to improve readability; 3. Avoid duplicate code content, keep it concise and specific, and use standard formats such as PHPDoc; 4. Comments should be updated synchronously with the code to ensure accuracy. Good comments should be thought from the perspective of others, reduce the cost of understanding, and become a code understanding navigation device.
Mastering PHP Block Comments
Jul 18, 2025 am 04:35 AM
PHPblockcommentsareusefulforwritingmulti-lineexplanations,temporarilydisablingcode,andgeneratingdocumentation.Theyshouldnotbenestedorleftunclosed.BlockcommentshelpindocumentingfunctionswithPHPDoc,whichtoolslikePhpStormuseforauto-completionanderrorche
Quick PHP Installation Tutorial
Jul 18, 2025 am 04:52 AM
ToinstallPHPquickly,useXAMPPonWindowsorHomebrewonmacOS.1.OnWindows,downloadandinstallXAMPP,selectcomponents,startApache,andplacefilesinhtdocs.2.Alternatively,manuallyinstallPHPfromphp.netandsetupaserverlikeApache.3.OnmacOS,installHomebrew,thenrun'bre
