I'm using Windows Server 2008 R2 (with IIS), PHP 5.6.0 and cURL 7.36.0 to test against PayPal's TLS test URL:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem');
$result = curl_exec($ch);
curl_close($ch);
When I use CURLOPT_CAINFO
and cacert.pem
from http://curl.haxx.se/docs/caextract.html it works and I get:
PayPal_Connection_OK
When I don't use CURLOPT_CAINFO
I get this error:
SSL certificate problem: unable to get local issuer certificate
I've tried this:
- mmc
- File > Add/remove snap-in
- Certificates (Local Computer)
- Trusted Root Certification Authorities > Certificates
- All tasks > Import
- Select
cacert.pem
- Message: "The import was successful"
However this has made no difference, I still have to use CURLOPT_CAINFO
for it to work.
Is there any way I can install all these root certificates on our Windows Server so that I don't have to use CURLOPT_CAINFO
and cacert.pem
with every call I make..?