I'm using Windows Server 2008 R2 (with IIS), PHP 5.6.0 and cURL 7.36.0 to test against PayPal's TLS test URL:
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FAILONERROR, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2 curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem'); $result = curl_exec($ch); curl_close($ch);
When I use
cacert.pem from http://curl.haxx.se/docs/caextract.html it works and I get:
When I don't use
CURLOPT_CAINFO I get this error:
SSL certificate problem: unable to get local issuer certificate
I've tried this:
- File > Add/remove snap-in
- Certificates (Local Computer)
- Trusted Root Certification Authorities > Certificates
- All tasks > Import
- Message: "The import was successful"
However this has made no difference, I still have to use
CURLOPT_CAINFO for it to work.
Is there any way I can install all these root certificates on our Windows Server so that I don't have to use
cacert.pem with every call I make..?