“SSL certificate problem: unable to get local issuer certificate” is an error message WordPress kept presenting to me when i was trying to integrate my Instagram / Twitter feed in to this blog. The good news is the fix is really easy, once you know how!
Basically the problem was a PHP configuration issue on my server, i needed to have a list of up to date public Certificate Authorities defined in my php.ini file.
I found a list of public Certificate Authorities that were extracted from Mozilla’s root certificates file, these are used in the FireFox webbrowser.
This list contained the certificates in PEM format, therefore could be directly used with curl / libcurl / php_curl, or with an Apache+mod_ssl webserver for SSL client authentication.
How to fix the unable to get local issuer certificate problem:
- Downloaded the cacert.pem (mirror) which has been extracted from Mozilla’s root certificates file
- Opened your PHP.ini file, the location of this will vary depending on your configuration.
- Then added the following line: curl.cainfo=C:\inetpub\cacert.pem
Remember to change C:\inetpub\ to the path of your cacert.pem file.
As my webserver is IIS i placed the cacert.pem in C:\inetpub so IIS had access to it.
After the PHP configuration has been updated re-start your webserver, you should then no longer get errors such as “SSL certificate problem: unable to get local issuer certificate”
A simple fix once you know how.
3 Comments
I don’t think this issue is only related to IIS. I have seen the same issue on Xammp installations aswell. So will be interesting to try your solution for that!
I have the same issue in WAMP (Windows Apache 24 php 5.3). I add this certicifate in c:apache and add your instruction in my php.ini file and update is ok now. Thanks for sharing
Hi Matt,
this has been a great hint and help. I have had severe problems with Google Client PHP API OAuth clients and cURL.
Best
Axel Arnold Bangert – Herzogenrath 2016