I am using Windows Server 2008 R2 (with IIS), PHP 5.6.0 and cURL 7.36.0 to test the PayPal TLS test URL:
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FAILONERROR, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2 curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem'); $result = curl_exec($ch); curl_close($ch);
When I use CURLOPT_CAINFO and cacert.pem from http://curl.haxx.se/docs/caextract.html , it works and I get:
PayPal_Connection_OK
When I do not use CURLOPT_CAINFO , I get this error:
SSL certificate problem: local issuer certificate cannot be obtained
I tried this:
- MMS
- File> Add / Remove Snap-In
- Certificates (local computer)
- Trusted Root Certification Authorities> Certificates
- All Tasks> Import
- Choose
cacert.pem - Message: "Import was successful"
However, it didnβt make any difference, I still need to use CURLOPT_CAINFO to make it work.
Is there a way to install all of these root certificates on our Windows Server so that I donβt have to use CURLOPT_CAINFO and cacert.pem with every call I make ..?
source share