Situation:

  1. There is a site provider, which has a control panel with the ability to access through the API. Access to all this farm goes through the HTTPS protocol. The specific address of the entry point: https://server158.hosting.reg.ru:1500/ispmgr
  2. There is a PHP script that should access this control panel via API;
  3. (perhaps this is important) The script runs on the local computer in a Linux virtual machine. Runs as a console application;
  4. When trying to access through the script, we consistently have the error PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
  5. When trying to access via CURL from the command line of the same virtual machine and through the REST request debugger (from the same computer, but working outside the virtual machine), everything works without problems.

Has anyone cured something like that?

    2 answers 2

    Quite simply, you forgot to add a configuration that checks / ignores the certificate.

    http://php.net/manual/ru/function.curl-setopt.php

    If you trust the certificate you can do:

     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

    If not

     curl_setopt($ch, CURLOPT_CAINFO, '/путь/к/сертификату');

    You may also need to set the CURLOPT_SSL_VERIFYHOST option .

     // пример curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    • Thanks for trying to help, but the problem is clearly different. Moreover, in the script I do not use CURL. After writing this question, I conducted my own searches. The reason was to configure the path to the certificates. - Limych

    I conducted my own search for the cause of the problem. It turned out that it is in the original non-configured paths to root certificates in PHP configs.

    I note especially that this will be useful to everyone who, like me, uses the Laravel Homestead virtual machine.

    All this is treated by writing the following option in php.ini :

     [openssl] ;... openssl.cainfo = /etc/ssl/certs/ca-certificates.crt

    If you also use cURL, add one more line to the configs:

     [curl] ;... curl.cainfo = /etc/ssl/certs/ca-certificates.crt