Asked  9 Months ago    Answers:  5   Viewed   132 times

I use WAMP on a local development environment and am trying to charge a credit card but get the error message:

cURL error 60: SSL certificate problem: unable to get local issuer certificate

I searched a lot on Google and lots of people are suggesting that I download this file: cacert.pem, put it somewhere and reference it in my php.ini. This is the part in my php.ini:

curl.cainfo = "C:Windowscacert.pem"

Yet, even after restarting my server several times and changing the path, I get the same error message.

I use WAMP from the Apache Modules and have the ssl_module enabled. And from the PGP extensions I have php_curl enabled.

Still the same error message. Why is that happening?

Now I am following this fix: How to fix PHP CURL Error 60 SSL

Which suggests that I add these lines to my cURL options:

curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);

Where do I add options to my cURL? Apparently not through the command line, since my CLI doesn't find the command "curl_setopt"

EDIT

This is the code I am running:

public function chargeStripe()
{
    $stripe = new Stripe;
    $stripe = Stripe::make(env('STRIPE_PUBLIC_KEY'));

    $charge = $stripe->charges()->create([
        'amount'   => 2900,
        'customer' => Input::get('stripeEmail'),
        'currency' => 'EUR',
    ]);

    dd($charge);

    // echo $charge[Input::get('stripeToken')];


    return Redirect::route('step1');
}

 Answers

43

Working solution assuming your on Windows using XAMPP:

XAMPP server

  1. Similar for other environment
    • download and extract for cacert.pem here (a clean file format/data)

https://curl.haxx.se/docs/caextract.html

  1. Put it here in the following directory.

C:xamppphpextrassslcacert.pem

  1. In your php.ini put this line in this section ("c:xamppphpphp.ini"):
;;;;;;;;;;;;;;;;;;;;
; php.ini Options  ;
;;;;;;;;;;;;;;;;;;;;

curl.cainfo = "C:xamppphpextrassslcacert.pem"
  1. Restart your webserver/apache

  2. Problem solved!

(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)

Wednesday, March 31, 2021
 
coolguy
answered 9 Months ago
63

This looks to be a bug in homebrew's curl formula for which I have just submitted a fix. https://canvas.instructure.com/ has a certificate issued by GoDaddy and those don't seem to be working with a brewed curl that uses a brewed openssl. If/when the maintainers of homebrew accept my patch, you'll be able to simply get this fix with:

$ brew rm curl # remove your broken brewed curl
$ brew update
$ brew install --with-openssl curl

Until that happens, you can install the fix directly from my pull request like this:

$ brew rm curl # remove your broken brewed curl
$ brew install --with-openssl https://raw.githubusercontent.com/asaph/homebrew/curl-openssl-godaddy-ca-bug/Library/Formula/curl.rb

Update:

The homebrew maintainers merged my patch so the fix is officially in homebrew now. So just run the first 3 commands I described above. No need to install from the pull request anymore.

Wednesday, March 31, 2021
 
diegoiglesias
answered 9 Months ago
11

The issue here is not use of a HTTPS page. It's the TLS communication between your server (local machine in this case) and Stripe. A few months ago, Stripe published a blog post explaining that, for security reasons, they'd be deprecating some old protocols that are considered insecure. You can read more about this here:

https://stripe.com/blog/upgrading-tls

Right now, if you are hitting this issue your server or machine is defaulting to use TLS 1.0 instead of the required TLS 1.2.

Usually this is due to outdated software or a configuration issue on your machine. What I'd recommend is that you look into Stripe's support articles which detail how to test your code, as well as upgrade paths (including a bit of detail specific for Mac OS and MAMP --- essentially you will need to run your application with system php rather than the version bundled with MAMP):

https://support.stripe.com/questions/how-do-i-upgrade-my-stripe-integration-from-tls-1-0-to-tls-1-2#php

Moreover, if you find TLS 1.2 is not supported by your system, you should upgrade your server to properly support TLS 1.2. This may require upgrading the operating system, curl, openssl and/or language libraries.

https://support.stripe.com/questions/how-do-i-upgrade-my-openssl-to-support-tls-1-2

This test script can be helpful in identifying library versions used by your PHP install: https://gist.github.com/olivierbellone/9f93efe9bd68de33e9b3a3afbd3835cf

If you're using a 3.x version of the PHP library, you may consider upgrading to the 4.x branch. While updating your system libraries is the best solution here, the 4.x branch allows you to pass the CURLOPT_SSLVERSION flag, which may allow some versions of PHP/curl to successfully communicate over TLS 1.2.

https://github.com/stripe/stripe-php#ssl--tls-compatibility-issues

Wednesday, March 31, 2021
 
e_i_pi
answered 9 Months ago
80

The issue is that the data field is not an object, but an array of objects. Sticking with the $customer = $customers->__toArray(true); method, you should try the following:

echo $customer['data'][0]['id'];

If you wish to iterate through all customers, try doing this:

foreach($customer['data'] as $currentCustomerData){
    // do stuff here
}
Saturday, May 29, 2021
 
Kemrop
answered 7 Months ago
87

jww is right — you're referencing the wrong intermediate certificate.

As you have been issued with a SHA256 certificate, you will need the SHA256 intermediate. You can grab it from here: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt

Monday, June 28, 2021
 
liquidmotion
answered 6 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 
Share