I have a strange problem with PHP and cURL using windows.
If have a cURL call to a https resource. Everything went fine until this morning. Now cURL throws this error when requesting the URL:
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have read about .pem files or disabling the verification of the host. But I don’t want to use either of them, because I’m wondering what is causing the problem.
How could cURL verify the URLs until today? Does it use some system CA info?
I haven’t done any update to PHP or cURL in the last day.
Most likely the server’s certificate has expired, or has been replaced with a self-signed certificate, a certificate issued by a CA that you do not trust, or one issued to the wrong subject.
Whatever the problem is, it is server side and nothing to do with your code – you should contact the people who operate the service you are consuming and inform them of the problem.
You can visit the URL in a browser to easily inspect the certificate – the browser will most likely give you a nice human readable message telling you exactly what the problem is, as it wont be able to verify the certificate either.
Once you have contacted the service provider to verify that they do indeed have a problem with their certificate and this is not a case of somebody trying to trick you into using the wrong server (this is, after all, one of the major purposes of SSL) you can skip verification of the server certificate as a temporary fix.