Part 1 – The CURL command-line program

If curl is not set up correctly for SSL (HTTPS) data transfers an error is displayed. The error message starts like this:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

There are several options to solve this problem:

• Ignore the problem and add -k to the command line. This is not recommended.
• Download the latest cacert.pem file. Specify this file using the command line option –cacert <path>/cacert.pem.
• Download the latest cacert.pem file. Set the environment variable “set CURL_CA_BUNDLE=<path>/cacert.pem”.
• On Windows put “curl-ca-bundle.crt” in your path. The bundle is part of the Windows download.

I see this problem pop up on StackOverflow often.

Curl documentation on this issue.

Download Curl for Windows and Linux.

Download cacert.pem for all platforms.

Part 2 – PHP Programs

When running a PHP program and you receive an error containing the following text:

• Download the latest cacert.pem file.
• Copy cacert.pem to where you have PHP installed. For example if the base directory for PHP is c:\php74copy cacert.pem to c:\php74\extras\ssl\cacert.pem.
• Note: PHP is sometimes configured to use a webserver based directory. Check the php.ini file for the location specified by curl.cainfo. The filename might be different as well. Example: cur-ca-bundle.crt.
• Modify the php.ini file to include the following line. Adjust to specify your PHP directory.
  • curl.cainfo = "C:\php74\extras\ssl\cacert.pem"
• If you are running under a webserver, restart Apache/Nginx/etc.

John Hanley

I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.

For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.