Home » Php » curl – PHP Problem with the SSL CA cert (path? access rights?)

curl – PHP Problem with the SSL CA cert (path? access rights?)

Posted by: admin April 23, 2020 Leave a comment

Questions:

I get this error:

“Problem with the SSL CA cert (path? access rights?)”

When doing:

$curl = curl_init('https://example.com' . ($method == 'GET' && $params ? '?' . $params : ''));

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); 
$response = curl_exec($curl);

print curl_error($curl)

Works ok on another server.

The SSL is using NSS.
PHP 5.3.6

How to&Answers:

Had this happen to two servers which use the PayPal IPN, both at around the same time.

Fix was to restart Apache.

Answer:

If you are getting “Problem with the SSL CA cert (path? access rights?)” it may very well mean that you have either deleted everything from /etc/pki/tls/certs/ or have set invalid permissions (CHMOD).

If you are using RHEL/CentOS, try yum reinstall openssl ca-certificates -y

Answer:

Just upgraded to PHP 5.5.17 and this is when the trouble started. The server runs PayPal transactions and cURL started failing on this error: “Problem with the SSL CA cert (path? access rights?)”.

I tried regenerating the certs, modifying the curl options, nothing was getting me anywhere. The solution was to simply reboot the server (CentOS 6.5 in my case). Hope this helps someone.

Answer:

It happen to me after update of packages.

Once I restarted the apache it got fixed.

Then I installed it at production server and I got it again.
This time it was mess at the certificates under /etc/pki/tls/certs/

Backup the files and this command will fix it:

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

Answer:

got it working by renaming the nssdb:

mv /etc/pki/nssdb /etc/pki/nssdb.old

Answer:

On Ubuntu, you need to install CA certificates to allow SSL-based applications to check for the authenticity of SSL connections by:

sudo apt-get install ca-certificates

See: cURL not working (Error #77) for SSL connections