Programmers learn & share
0 votes
118 views

Problem :

I have upgraded to PHP 5.6 I am getting an error as follows whenever I am trying to connect to the server via fsockopen().

The certificate on the server or host is self signed.

PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

My code as below

if($fp = fsockopen($host, $port, $errno, $errstr, 20)){
    $this->request = 'POST '.substr($this->url, strlen($this->host)).' HTTP/1.1'.$crlf
        .'Host: '.$this->host.$crlf
        .'Content-Length: '.$content_length.$crlf
        .'Connection: Close'.$crlf.$crlf
        .$body;
    fwrite($fp, $this->request);
    while($line = fgets($fp)){
        if($line !== false){
            $this->response .= $line;
        }
    }
    fclose($fp);
}

Have tried following

# cd /etc/ssl/certs/
# wget http://curl.haxx.se/ca/cacert.pem

The php.ini

openssl.cafile = "/etc/ssl/certs/cacert.pem"

But the script is still failing to work as expected.

by (7.5k points)   | 118 views

1 Answer

0 votes

Solution :

I was on my CentOS 7 and my php installation was pointing to the certificate that was generated by using update-ca-trust. And the symlink was /etc/pki/tls/cert.pem and was pointing to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem. This was just my test server and I wanted my self signed cert to work properly. So in my case as follows

# My root ca-trust folder was on below path and. I copied the .crt file to this location
# and also renamed it to a .pem
/etc/pki/ca-trust/source/anchors/self-signed-cert.pem
# After that run following command and it should regenerate the certs for you and
#will include your selfsigned cert file.also
update-ca-trust

After doing this some of my api calls started working as my cert was now trusted. After that I just ran the following command man update-ca-trust .

by (36.1k points)  
2,227 questions
2,734 answers
59 comments
241 users