PHP Composer HTTPS error 1416F086. Certificate verifying failed

Question 1

I suddenly get this nasty HTTPS error with PHP Composer and Composer used to work on my machine. There are already topics with the same issue on Github and also . I tried everything what is recommended but nothing works for me. I downloaded a new certificate and put it into /usr/lib/ssl/certs

updated php
updated composer
There is no problem with curl to curl a https page.

php modules :

calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
iconv
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

my system:

Distributor ID: LinuxMint
Description:    Linux Mint 18.2 Sonya
Release:    18.2
Codename:   sonya

print_r(openssl_get_cert_locations()); output:

Array ( [default_cert_file] => /usr/lib/ssl/cert.pem [default_cert_file_env] => SSL_CERT_FILE [default_cert_dir] => /usr/lib/ssl/certs [default_cert_dir_env] => SSL_CERT_DIR [default_private_dir] => /usr/lib/ssl/private [default_default_cert_area] => /usr/lib/ssl [ini_cafile] => /opt/atom/resources/app.asar.unpacked/node_modules/dugite/git/ssl/cacert.pem [ini_capath] => )

composer install error message:

 [ComposerDownloaderTransportException]
?  The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
?  error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
?  Failed to enable crypto
?  failed to open stream: operation failed

my simple composer.json file

{
  "name": "root/helloworld",
  "require": {
    "doctrine/orm": "~2",
    "zendframework/zendframework": "^3.0"
  },
  "authors": [
    {
      "name": "23232323"
    }
  ]
}

Composer output terminal composer diagnose:

   composer diagnose
    Checking platform settings: OK
    Checking git settings: OK
    Checking http connectivity to packagist: OK
    Checking https connectivity to packagist: WARNING
    [ComposerDownloaderTransportException] The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
    error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    Failed to enable crypto
    failed to open stream: operation failed
    Checking github.com rate limit: OK
    Checking disk free space: OK
    Checking pubkeys: 
    Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
    Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
    OK
    Checking composer version: OK
    Composer version: 1.7.3
    PHP version: 7.2.12
    PHP binary path: /usr/bin/php7.2

Question 2

I found a solution for this problem:

sudo apt-get purge ca-certificates 

sudo apt-get install ca-certificates

composer diagnose

Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 1.7.3
PHP version: 7.2.12
PHP binary path: /usr/bin/php7.2

Question 3

curl used to include a list of accepted certificate authorities (CAs) but no longer bundles ANY CA certs since 7.18.1 and onwards. So by default it'll reject all TLS/SSL certificates as unverifiable.

You'll have to get your CA's root certificate and point curl at it. More details at curl's details on TLS/SSL certificates verification.

Question 4

I would suggest you take a look at this: https://getcomposer.org/doc/03-cli.md#environment-variables

COMPOSER

By setting the COMPOSER env variable it is possible to set the filename of composer.json to something else.

For example:

COMPOSER=composer-other.json php composer.phar install

The generated lock file will use the same name: composer-other.lock in this example.

Question 5

I prefer install LAMP stack vs. xamp: it is simple and easy config package ...

sudo apt-get install apache2
sudo apt-get install curl php5-cli php5 libapache2-mod-php5 php5-openssl
sudo /etc/init.d/apache2 restart
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

To test your installation, run:

  composer

with this command not required changed php.ini and etc.

Question 6

About nine days ago (around end of March, 2016), ComposerRepositoryComposerRepository::whatProvides api changed. (#2668) So, if you have installed fxp/composer-asset-plugin globally, you should update it. You can do that with:

php composer.phar global update fxp/composer-asset-plugin --no-plugins

PHP Composer HTTPS error 1416F086. Certificate verifying failed

Answers

php,https,composer-php