Viewed   297 times

I use WAMP on a local development environment and am trying to charge a credit card but get the error message:

cURL error 60: SSL certificate problem: unable to get local issuer certificate

I searched a lot on Google and lots of people are suggesting that I download this file: cacert.pem, put it somewhere and reference it in my php.ini. This is the part in my php.ini:

curl.cainfo = "C:Windowscacert.pem"

Yet, even after restarting my server several times and changing the path, I get the same error message.

I use WAMP from the Apache Modules and have the ssl_module enabled. And from the PGP extensions I have php_curl enabled.

Still the same error message. Why is that happening?

Now I am following this fix: How to fix PHP CURL Error 60 SSL

Which suggests that I add these lines to my cURL options:

curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);

Where do I add options to my cURL? Apparently not through the command line, since my CLI doesn't find the command "curl_setopt"


This is the code I am running:

public function chargeStripe()
    $stripe = new Stripe;
    $stripe = Stripe::make(env('STRIPE_PUBLIC_KEY'));

    $charge = $stripe->charges()->create([
        'amount'   => 2900,
        'customer' => Input::get('stripeEmail'),
        'currency' => 'EUR',


    // echo $charge[Input::get('stripeToken')];

    return Redirect::route('step1');



Working solution assuming your on Windows using XAMPP:

XAMPP server

  1. Similar for other environment
    • download and extract for cacert.pem here (a clean file format/data)

  1. Put it here in the following directory.


  1. In your php.ini put this line in this section ("c:xamppphpphp.ini"):
; php.ini Options  ;

curl.cainfo = "C:xamppphpextrassslcacert.pem"
  1. Restart your webserver/apache

  2. Problem solved!


Wednesday, November 23, 2022
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);

Change that to 1. Also, set this after CURLOPT_SSL_VERIFYPEER:

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
Thursday, September 8, 2022

Finally got this to work!

  1. Download the certificate bundle.

  2. Put it somewhere. In my case, that was c:wamp directory (if you are using Wamp 64 bit then it's c:wamp64).

  3. Enable mod_ssl in Apache and php_openssl.dll in php.ini (uncomment them by removing ; at the beginning). But be careful, my problem was that I had two php.ini files and I need to do this in both of them. One is the one you get from your WAMP taskbar icon, and another one is, in my case, in C:wampbinphpphp5.5.12

  4. Add these lines to your cert in both php.ini files:

  5. Restart Wamp services.

Thursday, November 3, 2022

Using openssl s_client -connect shows:

Certificate chain
 0 s:/, Inc./C=US/ST=California/L=Mountain View/businessCategory=Private Organization/serialNumber=3898261/OU=Infrastructure Operations/
   i:/C=US/O=thawte, Inc./CN=thawte Extended Validation SHA256 SSL CA
 1 s:/C=US/O=thawte, Inc./CN=thawte Extended Validation SHA256 SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3

That last "i" shows the issuing self-signed root CA. I'm guessing that that particular Thawte root CA, _i.e. the Primary Root CA - G3 cert, is not in your /etc/ssl/certs directory (as stated in the curl output; openssl s_client does not have a de CA path, and needs to given one explicitly, e.g. -CApath /etc/ssl/certs).

Adding that certificate explicitly to your /etc/ssl/certs directory (and re-running c_rehash) certainly wouldn't hurt. And if it works, e.g. as verified using openssl s_client -connect -CApath /etc/ssl/certs, then you know that that update-ca-certificates command may need some examination/debugging, as to why it hadn't picked up this root CA.

Now, it may be that the above root CA is already in your /etc/ssl/certs directory, and the above steps had no effect. In that case, there are two other issuing CA certs to check (at least in the cert chain offered by thawte Primary Root CA, and thawte SSL CA - G2. Repeating the above steps to install these certs into your /etc/ssl/certs directory (and re-running c_rehash) might work. Since these two are intermediate CAs, and not root CAs, the absence of one of them would explain your results, and might be expected as overlooked certs by update-ca-certificates.

Hope this helps!

Tuesday, December 6, 2022

You can't access files in the /etc/ssl/certs directory because it is missing search permission (x). You may fix that with chmod, e.g.: chmod a+x /etc/ssl/certs

Friday, December 2, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :