I'm trying to fix a php_curl call on a Windows server (running IIS) that is returning the familiar error "SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed".
As detailed in many related questions here, I downloaded http://curl.haxx.se/ca/cacert.pem, moved it to my server's hard drive, and added the curl.cainfo setting to my php.ini:
curl.cainfo = "C:\path\to\cacert.pem"
Nothing, still getting the same error. However, specifying the path in the PHP code results in a successful response!
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CAINFO, "C:\path\to\cacert.pem");
$response = curl_exec($ch);
This does give me a workaround I can use for now, but I'm maintaining a large application with php_curl calls in many places, so it would be more logical to specify this setting once in php.ini so it applies to all php_curl calls in the application.
Potential dumb mistake checking:
Trying to look at the ini setting directly shows that PHP doesn't seem to know anything about it (am I doing this right?):
var_dump(ini_get('curl.cainfo'));
==> bool(false)
Any ideas why PHP wouldn't read the curl.cainfo setting?
A coworker informed me that this curl php.ini setting was not added until PHP 5.3.7: http://www.php.net/manual/en/curl.configuration.php#ini.curl.cainfo
The particular test server I was working with was running an older version than that, so PHP wasn't reading that setting from php.ini.