reading SSL page with CURL (php)

I am trying to download the content of a secure (uses https) webpage using php and curl libraries.

However, reading failed and I get error 60: "SSL certificate problem, verify that the CA cert is OK."

also "Details: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

So...pretty self explanatory error msg's.

My question is: How do I send an SSL certificate (the right one?) and get this page to verify it and let me in?

Also, here is my options array in case you are wondering:

    $options = array(
        CURLOPT_RETURNTRANSFER => true,     // return web page
        CURLOPT_HEADER         => false,    // don't return headers
        CURLOPT_FOLLOWLOCATION => true,     // follow redirects
        CURLOPT_ENCODING       => "",       // handle all encodings
        CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:x.x.x) Gecko/20041107 Firefox/x.x", // who am i
        CURLOPT_AUTOREFERER    => true,     // set referer on redirect
        CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
        CURLOPT_TIMEOUT        => 120,      // timeout on response
        CURLOPT_MAXREDIRS      => 10,       // stop after 10 redirects

Any suggestions would be great, Andrew


It sounds like you might be misinterpreting the error. It looks to me like the site you're connecting to is self-signed or some other common problem. Just like the usual browser warning, you're easiest work around is to disable the checks.

You'll need to set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to FALSE. This should disable the two main checks. They may not both be required, but this should at least get you going.

To be clear, this disables a feature designed to protect you. Only do this if you have verified the certificate and server by some other means.

More info on the PHP site: curl_setopt()

If you want to use SSL peer verification (turning it off is not always good idea) you may use next solution on Windows globally for all applications:

  1. Download file with root certificates from here:
  2. Add to php.ini:


that's all magic, CURL can now verify certificates.

(as I know there is no such problem on Linux, at least on Ubuntu)

Even after following advice on SO.. You may still have problems with an error like:

error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

the problem is with the SSL version. Use the following for version 3

curl_setopt($ch, CURLOPT_SSLVERSION,3)

I am assuming that u have enabled verification of peer and host as well and are pointing to an actual certificate file. Eg.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/cacert.pem");

This is a "problem" with openssl and VeriSign.

I had a similar problem and my openssl was missing the intermediate ssl certificate used by VeriSign to sign the server certificate.

I had to import these intermediate certificates from the VeriSign Homepage or Firefox cert-database-export into my local ca-certificates list and after this step I was able to use wget/curl to use the protected connection without any errors.

If it's a developer machine - you can also add this certificate in you system. Something like this - It's for WinXP, but it works also on other versions of windows.

You're not SENDing the SSL cert. It appears there's a problem with the SSL cert as it is installed on the host you are contacting. Use option -k or --insecure, to get past the complaint.

Ah. See Ryan Graham's answer

This is apparently on openssl bug. Tomcat can be configured to work around this in /etc/tomcat7/server.xml by restricting the available cipher list:

<Connector protocol="HTTP/1.1" SSLEnabled="true" ... ciphers="SSL_RSA_WITH_RC4_128_SHA"/>

Need Your Help

Permutation of n numbers

java algorithm permutation combinatorics

I need to generate all permutations for a list of numbers. List of numbers will be from 1 to n. Also the size of permutation can be 1 to m. So if given n=4, m=3, i need to have permutations:

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.