cURL in PHP to access protected sites

So I was trying to use the FaceBook PHP-SDK and ran into an issue. As the cURL was pointing to an HTTPS source I was getting this error:
Failed: Error Number: 60. Reason: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The problem was that cURL hasnt been configured to trust the servers HTTPS certificate, as by default cURL is not setup to trust any of the Certificate Authorities (CAs)
Browsers dont have this issue as the browser developers were kind enough to include a list of default CAs, however this doesnt help us out at all…

A quick fix is to simply configure cURL to accept any server certificate. Obviously from a security point of view this isnt great, but if you are not passing sensitive information back and forth you should be ok.

Before calling curl_exec() add the following code:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
This causes cURL to blindly accept an server certificate without doing any verification with the CA that issued it.

The Proper Fix
The proper fix is slightly more involved so I plan to cover it at a later stage. If you cant wait that long research the curlopt_cainfo parameter, and obtaining (and saving) a CA certificate to enable cURL to trust it.

2 thoughts on “cURL in PHP to access protected sites”

  1. Thanks man …
    It really helps me…Only in this site I found solution to my problem.
    Simply: curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

Leave a Comment

Your email address will not be published. Required fields are marked *