How to fix SSL3_GET_SERVER_CERTIFICATE verify failed

This is a working solution for the error:

SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I had this problem on a fresh CentOS with a manually installed openssl-1.0.2e. It might appear on other systems as well. The customer is using Composer, and it was giving errors on the composer diagnose command.

Checking composer.json: FAIL
 Defining autoload.psr-4 with an empty namespace prefix is a bad idea for performance
 Checking platform settings: OK
 Checking git settings: OK
 Checking http connectivity to packagist: OK
 Checking https connectivity to packagist: FAIL
 [Composer\Downloader\TransportException] The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
 error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
 Failed to enable crypto
 failed to open stream: operation failed
 Checking github.com rate limit: FAIL
 [Composer\Downloader\TransportException] The "https://api.github.com/rate_limit" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
 error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
 Failed to enable crypto
 failed to open stream: operation failed
 Checking disk free space: OK
 Checking composer version:
[Composer\Downloader\TransportException]
 The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
 error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
 Failed to enable crypto
 failed to open stream: operation failed

To fix this, I went to the OpenSSL installation directory, /usr/ssl/certs (in my case OpenSSL was installed in /usr), and downloaded a fresh CA certificate with the command:

wget http://curl.haxx.se/ca/cacert.pem

Then I opened the appropriate php.ini and added the following line:

openssl.cafile = "/usr/ssl/certs/cacert.pem"

Everything worked fine! 🙂
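
Because the bundle above is fetched over plain HTTP, nothing protects it in transit, so it is worth checking before PHP trusts it. The following is an added example, not part of the original post: the function names are hypothetical, and the expected SHA-256 is assumed to come from a source you trust, retrieved separately from the download.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check a downloaded CA
# bundle and the php.ini line that points at it. Function names are hypothetical.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_ca_bundle FILE EXPECTED_SHA256
# Returns 0 only if FILE is a non-empty PEM bundle with balanced
# BEGIN/END CERTIFICATE markers and its digest equals EXPECTED_SHA256.
# Return codes: 1 = missing/empty, 2 = malformed PEM, 3 = digest mismatch.
verify_ca_bundle() {
    local file="$1" expected="$2" begins ends actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$file" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$file" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "not a well-formed PEM bundle ($begins BEGIN / $ends END)" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "SHA-256 mismatch: got $actual" >&2
        return 3
    fi
    echo "ok: $begins certificates, digest matches"
}

# php_ini_cafile INI_FILE
# Print the path set by the last uncommented openssl.cafile line, quotes removed.
php_ini_cafile() {
    sed -n 's/^[[:space:]]*openssl\.cafile[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Usage (the digest is a placeholder to be filled in by the operator):
#   verify_ca_bundle "$(php_ini_cafile /path/to/php.ini)" "<EXPECTED_SHA256>"
```

Run the check before restarting PHP or re-running composer diagnose; a non-zero return code means the bundle should not be used as the trust store.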
