PHP CURL and Peer Certificate Issue
I have been using the Microsoft Translator API for some time, and it worked great. This API requires the “Access Token” to validate all the AJAX calls, and it has been working fine for months.
Now a few days back, it broke, and when debugging the issue, I found that it was failing with the following exception:
“Exception’ with message ‘Peer certificate cannot be authenticated with known CA certificates”
Now a good secure way to detect and resolve this issue is to investigate why this certificate is not being verified. But since in this case was the site was of Microsoft, I simply decided to skip the authentication. All you need to do is add an option in curl for this:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); |
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
This solved the issue very well.
BTW, on a side tip, following code to check and detect for the CURL execution failure works well for me:
//Get the Error Code returned by Curl. $curlErrno = curl_errno($ch); if($curlErrno){ $curlError = curl_error($ch); throw new Exception($curlError); } |
//Get the Error Code returned by Curl. $curlErrno = curl_errno($ch); if($curlErrno){ $curlError = curl_error($ch); throw new Exception($curlError); }
Hope this helps.
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
For such errors, you should never ignore them by setting CURLOPT_SSL_VERIFYPEER to false, instead a proper method is to import the correct server certificate and then pass it to the CURL via the CURLOPT_CAINFO option. The following tutorial cover this in detail (see The proper fix section):
Using cURL in PHP to access HTTPS (SSL/TLS) protected sites
This entry was posted
on Thursday, June 21st, 2012 at 11:44 am and is filed under PHP.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Feedback & Comments
No Responses