SSL certificate protects the communication exchanged between the server and the browser , which prevents data interception of a third party. It makes SSL/TLS encryption possible, and they contain the website's public key and the website's identity, along with related information.
Reason for unable to get local issuer certificate
Your SSL certificate's primary purpose is to confirm authentication and ensure a secure exchange of information between the server and the client by referring the HTTPS protocol. When you connect to the web-server to establish SSL connection you as a client get server's certificate in the handshake. This certificate and its private key are used to establish the SSL connection. Client wants to ensure that the server's certificate is trusted and is not created by some man-in-the middle attacker. So, Client need to have the CA certificate that signed the server certificate. The problem here is that this TLS server doesn't send a complete cert chain in the handshake, which it should according to standards. More specifically, it doesn't send the intermediate certificate.
Solution: Unable to get Local Issuer Certificate
The best solution is to purchase the SSL certificate from a trustworthy CA and install the same. The real and proper fix should be done by the server admins because this is a server setup problem.
Change php.ini (Maintain SSL)
- Download cacert.pem from https://curl.haxx.se/ca/cacert.pem
- Then, copy cacert.pem into your version of zend/openssl.
For example, '/usr/local/openssl0.9.8/certs/cacert.pem'.
- Mdify the CURL configuration by adding:
"cainfo = '/usr/local/openssl-0.9.8/certs/cacert.pem'"
Without Altering php.ini file (Maintain SSL)
For .CRT Format
- Go for the SSL bundle – ca-bundle.crt
- You can acquire the SSL bundle by copying the below URL content on your server.
Different servers have different ways to restart PHP. After restarting PHP and see whether the CURL is able to read HTTPS URL or not.
To help Git find the CA bundle, use the below-mentioned command:
Use the following command to disable the verification of your SSL certificate :
If neither of the two options work, consider removing and reinstalling Git .
Disable SSL (Not advisable)
This is essentially disabling SSL verification . You can disable certificate verification completely which then will allow your program to continue. Only do that for experiments, never for production.