Unirest for PHP SSL certificate problem: unable to get local issuer certificate

If you receive this error, the message is very specific and you'll need to provide to your PHP distribution a valid certificate as you're trying to access a protected resource from a insecure start point.

This error is common if your work locally in your project, you can read the following article to learn how to implement a valid SSL Certificate in Wampp and Xampp for your PHP distribution.

However, if you're in a hurry and you're working locally, you can simply disable the verification of the peer in unirest to ignore this warning.

Before the execution of your main code, set the verifyPeer property to false :

Note : before testing, read the "why this happens" section and the risks that it has.

<?php
// Disables SSL cert validation temporary
Unirest\Request::verifyPeer(false); 
// Then continue with your work as usual ...
Unirest\Request::get('https://domainwithhttpsconnection/api/dothis');

Why this happens

libcurl performs peer SSL certificate verification by default. This is done by using a CA certificate store that the SSL library can use to make sure the peer's server certificate is valid.

If you communicate with HTTPS, FTPS or other TLS-using servers using certificates that are signed by CAs present in the store, you can be sure that the remote server really is the one it claims to be.

As mentioned before, there are 2 solutions :

  1. Tell cURL to not verify the peer. With libcurl you disable this with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

    With the curl command line tool, you disable this with -k/--insecure.

  2. Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when connecting. For libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath);

    With the curl command line tool: --cacert [file].

However, as we're using unirest, the library does the same effect as the first option using the verifyPeer(false) method.

You should use option 2 as thats the option that ensures that you are connecting to a secure server.

Become a more social person