Learn how to solve the unable to get local issuer certificate error on your php distribution.


This error occur when the curl.cainfo and openssl.cafile config properties of the php.ini file, do not target any valid certificate that allow you to create connection with ssl as they will be invalid. You'll face it if you work with cURL or you use any kind of tool that creates request to external servers.

This issue is specifically thrown by the GuzzleHttp\Exception\RequestException and the GuzzleHttp\Ring\Exception\RingException classes, located in the Guzzle PHP HTTP Client. Many known projects like Symfony relies on this library to execute some tipic http tasks, like the creation of new projects (in the latest 3.0 version).

If you locate your php.ini file, and you search for [curl], these parameters will probably be commented and without any value :

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
;curl.cainfo=

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=

To solve it, we just need to provide the absolute path to a valid certificate (cacert.pem file) in both properties.

Solution

First, probably your distribution of php (using Wamp or Xampp or any of those) will probably contain a valid certificate but it isn't enabled.

Using the file system of your operative system, search for a file named cacert.pem in the folder of your installed distribution.

Cacert.pem file ssl curl

In this case, for Xampp v5.6.23 (PHP 5.6.23) the file exists and is inside the perl folder. Now copy the full filepath of the cacert.pem file into your clipboard.

Note

If your xampp (or other distribution) doesn't contain any file with this name, then download the cacert.pem file here and save it somewhere inside the xampp path and copy the path where you saved it in the clipboard.

Open the php.ini file once again and search for the [curl] area, now we are going to uncomment and change the value of curl.cainfo and openssl.cafile properties with the absolute path that we have in the clipboard (the path where the certificate is located) between double quotes ("path"):

Note

Even in some xampp distributions, in your php.ini you will not find the curl or openssl area, therefore just add it at the end of the php.ini file and save changes.

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo ="C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile="C:\xampp\perl\vendor\lib\Mozilla\CA\cacert.pem"

Finally restart apache and any other services like mysql and try doing again whatever you were doing. The request now should be working without any problem.

Have fun !


Senior Software Engineer at Software Medico. Interested in programming since he was 14 years old, Carlos is a self-taught programmer and founder and author of most of the articles at Our Code World.

Sponsors