How to Fix cURL Error 60: SSL Certificate Issues with Self-Signed Certificates?

cURL Error 60: SSL Certificate Issues with Self-Signed Certificates

When attempting to retrieve an access token using cURL from VK's authorization endpoint, users might encounter error 60, indicating a "self signed certificate in certificate chain" issue. This occurs despite manual access to the endpoint being successful.

Understanding the Error

The error arises from a lack of a valid Certification Authority (CA) root certificate bundle in your PHP installation. This bundle contains cryptographic signatures that cURL uses to verify a host's SSL certificate. Without this verification, cURL cannot establish a secure connection and returns the SSL certificate error.

Solution

To resolve this issue, ensure you have an up-to-date CA root certificate bundle installed. You can download one from http://curl.haxx.se/docs/caextract.html.

Once downloaded, update your PHP configuration:

In php.ini, add:

curl.cainfo = <absolute_path_to> cacert.pem

Or, if setting it at runtime:

curl_setopt ($ch, CURLOPT_CAINFO, dirname(__FILE__)."/cacert.pem");

Note:

Disable CURLOPT_SSL_VERIFYPEER is not recommended as it can compromise security and make your application vulnerable to SSL certificate attacks.

The above is the detailed content of How to Fix cURL Error 60: SSL Certificate Issues with Self-Signed Certificates?. For more information, please follow other related articles on the PHP Chinese website!