22
votes

I was using cURL on my localhost for the longest time and all of a sudden I noticed it no longer works unless I explicitly set the option, CURLOPT_SSL_VERIFYPEER=FALSE.

I have no idea how/when this changed but I'm using NGINX and PHP and I can verify that this is not a specific issue to a specific requested host. I'm getting blank responses from https://site1.com and https://different-site.com.

Anyone have any thoughts?

3
I love this hidden gem, it explains how you can use certificates to verify hosts. - Dave Chen
@DaveChen and -@Young thanks but do you have a sense as to why I didn't need to supply a certificate before, but do now? - tim peterson
From another answer on the same question. cURL used to bundle CA certs, but now you must download them manually and pass them to cURL or give a default value within PHP. - Dave Chen
Those answers are 2 years old; this problem has arisen for me in the last month. - tim peterson

3 Answers

39
votes

Thanks to Dave Chen's suggestions, I realized I must have misplaced my certificate. The problem is solved by this certificate which is provided by the cURL creator (extracted from Mozilla): https://curl.haxx.se/ca/cacert.pem

So after downloading this cacert.pem file into your project, in PHP you can now do this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/cacert.pem");

Alternatively, this can be set globally by adding the following to your php.ini

curl.cainfo=/path/to/cacert.pem

5
votes

If you are using WampServer, notice this:

You must put the absolute path in CURLOPT_CAINFO, for example:

curl_setopt ($ch, CURLOPT_CAINFO, 'C:\wamp\www\your-project\cacert.pem');

Don't use a relative path: curl_setopt ($ch, CURLOPT_CAINFO, 'cacert.pem') because it doesn’t work.
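
The two answers above combined, as an added example that is not part of the original posts: verification stays on, the CA bundle is resolved to an absolute path before it is handed to cURL, and a failed request raises the cURL error instead of returning a blank response. The function name `fetch_verified`, the URL `https://example.com/` and the location of `cacert.pem` next to the script are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the original answers.
// Assumes cacert.pem (the bundle from the first answer) sits next to this script.

function fetch_verified(string $url, string $caBundle): string
{
    // Resolve to an absolute path: a relative CURLOPT_CAINFO is looked up
    // against the process working directory, which differs between CLI,
    // PHP-FPM and WampServer.
    $caPath = realpath($caBundle);
    if ($caPath === false || !is_readable($caPath)) {
        throw new RuntimeException("CA bundle not found or unreadable: $caBundle");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,     // certificate name must match the host
        CURLOPT_CAINFO         => $caPath,
        CURLOPT_CONNECTTIMEOUT => 10,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Without this check a verification failure only shows up as an
        // empty response. errno 60 means the chain could not be verified,
        // errno 77 means the CA file itself could not be loaded.
        throw new RuntimeException(
            sprintf('cURL error %d: %s', curl_errno($ch), curl_error($ch))
        );
    }
    return $body;
}

try {
    // Placeholder URL; replace with the host being requested.
    $html = fetch_verified('https://example.com/', __DIR__ . '/cacert.pem');
    echo strlen($html), " bytes received\n";
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```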

1
votes

The value for CURLOPT_SSL_VERIFYPEER by default is TRUE as of cURL 7.10.

Hence you may need to explicitly set it to FALSE to prevent CURL from verifying the certificate.