[Solved] SSL Certificate Problem: Unable To Get Local Issuer Certificate

After installing an SSL certificate successfully, a padlock sign and HTTPS will appear in the browser. The website connection with an https:// URL helps the web server establish a secure connection with the web browser. While making a cURL request to a safe HTTPS destination, you may have received the SSL certificate problem: unable to get local issuer certificate message. Although this error is not common, it still occurs sometimes.

This post will explain what the SSL Certificate is, then show you the primary causes of this error, and how to correct the “SSL certificate problem: unable to get local issuer certificate” error.

Initially, let’s explore what an SSL certificate is and why it is a must-have certificate of your website.

Table of Contents

About An SSL Certificate
Roots Of SSL Certificate Problem: Unable To Get Local Issuer Certificate
Solutions for SSL Certificate Problem: Unable To Get Local Issuer Certificate
- For .PEM Format
- For .CRT Format
Final Words

About An SSL Certificate

SSL Certificate

An SSL (Secure Socket Layer) certificate encrypts the communications between clients and servers and secures it from the person trying to intercept it. SSL encrypts your data into unreadable forms, so it is difficult or impossible for any third party to steal data during transmission. A secure session occurs behind the scene without interrupting the browsing experience of the users. SSL certificates are very advantageous when it comes to protecting sensitive information, such as banking details, login credentials, personal details, and other vital data.

For an e-commerce store, an SSL certificate is essential in facilitating secure online transactions. If your website is not encrypted, it is at risk of data theft. Attackers can read passwords, login info, and other sensitive information uploaded by users. SSL certificate helps your online store accept payment securely, protect password logins, protect web forms, and improve SEO performance.

Roots Of SSL Certificate Problem: Unable To Get Local Issuer Certificate

When you are using client SSL certificates and try to make a request to a secured HTTPS source, you need to share an SSL certificate to verify your identity. During this time, if the root certificate on the system does not work correctly, the “SSL certificate problem: unable to get Local Issuer Certificate” error can occur.

To fix this error, may effective solutions are available, from which you are likely to select one.

Solutions For SSL Certificate Problem: Unable To Get Local Issuer Certificate

We will show you several solutions for .PEM Format and .CRT Format:

For .PEM Format

Change Php.ini (Keep SSL)

Go to https://curl.haxx.se/ca/cacert.pem and download cacert.pem.
Then, copy cacert.pem into your version of openssl/zend. For example, /usr/local/openssl-0.9.8/certs/cacert.pem.
Open your php.ini file and modify the CURL configuration by adding cainfo = ‘/usr/local/openssl-0.9.8/certs/cacert.pem.
Restart your PHP and identify whether the CURL can read HTTPS URL or not.

Don’t Change Php.Ini (Keep SSL)

Enter the below code while maintaining SSL.

$ch = curl_init();
$certificate_location = ‘/usr/local/openssl-0.9.8/certs/cacert.pem’;
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $certificate_location);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $certificate_location);

Disable SSL (Not recommended)

Enter the below code

$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

One of the three above solutions is bound to work, and you will no longer receive the “SSL certificate problem: unable to get Local Issuer Certificate” message.

For .CRT Format

Acquire The SSL bundle - ca-bundle.crt

To get the SSL bundle, please go to the below URL, copy and save the content on your server. You can save it to any destination, but it is recommended to keep it near the server’s top level.

https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

I have this error on today, for instance, I am using a locally hosted XAMP installation, so I select this path:

C:/xampp/htdocs/_certs/ca-bundle.crt

Change Php.ini

To identify where the php.ini file is located, you have to edit this file. For instance, in XAMPP, you can get to the php.ini file from the Config button in the control panel of XAMPP. Other servers can have php.ini files in some other locations, but mostly these files can be located in the /etc directory somewhere.

After finding the php.ini file successfully, add or update below lines into that file:

[CA Certs]
curl.cainfo="C:/xampp/htdocs/_certs/ca-bundle.crt"
openssl.cafile="C:/xampp/htdocs/_certs/ca-bundle.crt"

Note: You need to update the path to match where your php.ini is saved.

Restart PHP

Once you finish all the steps mentioned above, restart the PHP. Different servers may trigger PHP restart differently. If you are using the XAMPP server, you need to turn off Apache and then turn on via the XAMPP control panel. In Linux servers, you can try the below command:

service php5-fpm restart`

And that‘s it! After restarting PHP, now you can re-try your cURL request and be happy to see an actual request sent. Hopefully, with no other issues, you will see a valid response.

Related post:

Final Words

Hopefully, this guide will help you solve the SSL certificate problem: ‘Unable to get local issuer certificate quickly. If you are looking for a perfect security solution for your online store, Magento 2 Security extension by Mageplaza is the great choice for you. This module keeps your store from hackers and protects your valued information in different areas such as Brute Force, Blacklist IPs, login records, log backups, and more. In case you have any questions about this article, don’t hesitate to leave a comment below!

Looking for
Customization & Development Services?

8+ years of experiences in e-commerce & Magento has prepared us for any challenges, so that we can lead you to your success.

Get free consultant