Results 1 to 6 of 6

Thread: SSL certificate problem: unable to get local issuer certificate

  1. #1
    evetools is offline Junior Member
    Join Date
    Jul 2014
    Posts
    21

    Default SSL certificate problem: unable to get local issuer certificate

    I've been using altervista for a few months now for a tool that I've built. The code I've used is pretty straight-forward and it was working well. A few hours ago I've started seeing this problem when calling a callback function using curl:
    SSL certificate problem: unable to get local issuer certificate

    This is the code that produces the error:
    Code:
        //Do the initial check.
        $header='Authorization: Basic '.base64_encode($client_id.':'.$secret);
        $fields_string='';
        $fields=array(
                    'grant_type' => 'authorization_code',
    
        //Do the initial check.
        $header='Authorization: Basic '.base64_encode($client_id.':'.$secret);
        $fields_string='';
        $fields=array(
                    'grant_type' => 'authorization_code',
                    'code' => $code
                );
        foreach ($fields as $key => $value) {
            $fields_string .= $key.'='.$value.'&';
        }
        $fields_string = rtrim($fields_string, '&');
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $token_url);
        curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
        curl_setopt($ch, CURLOPT_POST, count($fields));
        curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        // While using this is optional, it may be required if you encounter
        // the "SSL certificate problem: unable to get local issuer certificate"
        // error when calling the API using curl.
        //curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
    
        $result = curl_exec($ch);
    
        if ($result===false) {
            auth_error(curl_error($ch));
        }
    I've tried setting CURLOPT_SSL_VERIFYPEER to false, but even that produces the same error. Has something changed on the Altervista side to suddenly cause this?

    The very same code runs well on my local server.
    Last edited by evetools; 03-11-2015 at 09:10 PM.

  2. #2
    karl94 is offline AlterVista Staff
    Join Date
    Jan 2015
    Posts
    573

    Default

    Could you please provide the URL of the resource that your script is trying to retrieve?

  3. #3
    evetools is offline Junior Member
    Join Date
    Jul 2014
    Posts
    21

    Default

    This is the URL: https://login.eveonline.com/oauth/token

    This is a short explanation on what it's doing:
    At this point in time your website has the authorization code. The only thing the authorization code is good for is to obtain an access token.

    It is also important to note that the authorization code is single use only.

    The you need to make an HTTP POST to https://login.eveonline.com/oauth/token to exchange the authorization code with an access token, and it looks like this:

    POST https://login.eveonline.com/oauth/token HTTP/1.1

    Authorization: Basic bG9...ZXQ=
    Content-Type: application/x-www-form-urlencoded
    Host: login.eveonline.com

    grant_type=authorization_code&code=gEyuYF_rf...ofM 0

  4. #4
    evetools is offline Junior Member
    Join Date
    Jul 2014
    Posts
    21

    Default

    Is there any news regarding this?

  5. #5
    saitfainder's Avatar
    saitfainder is offline AlterVista Staff
    Join Date
    Feb 2010
    Posts
    300

    Default

    The issue is related to the SSL certificate you're using. The cURL error says that the certificate chain cannot be verified because of the lack of the issuer certificate on our servers.

    So the only solution is to ignore the certificate chain check using this setting (I tested it and it works):

    PHP Code:
    curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
    curl_setopt($chCURLOPT_SSL_VERIFYHOST2); 
    We don't made any changes related to SSL. Are you sure the connection worked in the past with the same certificate on your remote server?
    "Over thinking, over analyzing separates the body from the mind."

  6. #6
    evetools is offline Junior Member
    Join Date
    Jul 2014
    Posts
    21

    Default

    Quote Originally Posted by saitfainder View Post
    The issue is related to the SSL certificate you're using. The cURL error says that the certificate chain cannot be verified because of the lack of the issuer certificate on our servers.

    So the only solution is to ignore the certificate chain check using this setting (I tested it and it works):

    PHP Code:
    curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
    curl_setopt($chCURLOPT_SSL_VERIFYHOST2); 
    I would not want to ignore the certificate chain as I would like to make sure I'm giving passing the data securely.
    I had finally resolved the issue by doing:
    curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "CERT.CRT");

    We don't made any changes related to SSL. Are you sure the connection worked in the past with the same certificate on your remote server?
    Yes, it had worked without a hitch up until 3 days ago.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO