2021. 5. 20. 14:16 | 개발 관련 GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) 문제Windows에서 구동되는 PHP에서 발생하는 문제, 리눅스 계열인 우분투 등지에선 본 적이 없는 오류인데, 찾아보니까 CA 인증 기관 파일이 없어서라고 한다. 정확한 이유는 모르겠지만... 해결먼저 다음 URL에서 cacert.pem 파일을 다운로드 받자. https://curl.haxx.se/ca/cacert.pem 해당 cacert.pem 파일을 다운로드 한 후에, 절대 경로로 찾기 편한 곳에 넣어주자. 나는 그냥 PHP 설치 폴더에 넣어줬다. "curl.cainfo" 값을 찾은 후에, 앞에 있는 주석 표시(;)을 제거한 후 cacert.pem 파일의 경로를 넣어주자. 여담이전에도 동일한 문제가 발생했는데, 포맷 후에도 또 이러길래 글을 쓴다. 거 사람 귀찮게 하네 IssueI'm trying to get composer to work on a remote Windows-machine which is using a proxy, but I always get this error when doing a composer install/update:
This is my composer.bat: @echo OFF :: in case DelayedExpansion is on and a path contains ! setlocal DISABLEDELAYEDEXPANSION set HTTP_PROXY=<proxyurl> php "%~dp0composer.phar" %*Obviously setting the proxy is needed, if I delete the line, the error becomes this:
composer diag gives me this (with the proxy set): I've been through a lot of posts and tutorials, but none of the answers work for me. (Some are just about curl and it's options to switch off the cert-check but that doesn't work for composer). Here's what I have tried:
All of this did not work, the error remains the same. Then I found a post which set a repository in composer.json and explicitely set the certfile for that repo, so I also tried it and added this to my composer.json: { "repositories": [{ "type": "composer", "url": "https://flex.symfony.com", "options" : { "ssl" : { "cafile" : "cacert.pem" } } }] }The file "cacert.pem" is in the same directory as my composer.json, now the error is this:
which is not that surprising, as trying to access "https://flex.symfony.com/packages.json" via a browser also gives me a 404. (Don't know if it makes a difference that all at a sudden "packages.json" couldn't be loaded while the cert-error complained about "versions.json", have no idea which is loaded first and if this error is a "good" sign.) This trial-and-error journey has been going on for days, I'm out of ideas, so any help is appreciated! SolutionFurther research led me to the proxy, which is ZScaler, being the problem. As stated in this post, ZScaler intercepts SSL traffic and re-encrypts it with its own certificate which is not trusted, so Composer (or any other program accessing sites via https) will complain with the above error that it's "unable to get local issuer certificate". So the solution must be to get the "ZScaler Intermediate Root CA" to be trusted on the server. (Which I can't do myself due to company policy, but anyone looking for a solution to the above problem probably has another hint now what to do.) Answered By - Select0r How do I fix curl 60 SSL certificate?Locate the curl certificate PEM file location 'curl-config --ca' -- > /usr/local/etc/openssl/cert.pem.. Use the folder location to identify the PEM file 'cd /usr/local/etc/openssl'. Create a backup of the cert.pem file 'cp cert.pem cert_pem.bkup'. How do I fix unable to get local issuer certificate?When ssl certificate problem unable to get local issuer certificate error is caused by a self-signed certificate, the fix is to add the certificate to the trusted certificate store. Open the file ca-bundle. crt located in the directory above, then copy and paste the Git SSL certificate to the end of the file.
What is a curl Error 60?Error “curl: (60) SSL certificate problem: unable to get local issuer certificate” can be seen when the SSL certificate on the server is not verified or properly configured.
How do I bypass a curl check certificate?To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.
|