Twilio PHP – SSL certificate: self signed certificate in certificate chain

By | February 23, 2018
Questions:

I’m struggling with this error when trying to send a message via Twilio using their PHP library:

Fatal error: Uncaught exception Services_Twilio_TinyHttpException with message SSL certificate problem: self signed certificate in certificate chain thrown in F:\path\to\site\twilio-php\Services\Twilio\TinyHttp.php on line 119

I’m using wamp on windows 7.

I have of course found all of the other posts about certificate errors. From what I can see, usually updating or adding the cacert.pem file fixes the issue. However, even after doing this i’m still getting the same error.

Just as a sanity check here is exactly what i’ve done:

  1. Downloaded the latest certificates from here: http://curl.haxx.se/ca/cacert.pem.
  2. Placed this file in the following location c:/wamp/certs/cacert.pem
  3. Updated php.ini as follows: curl.cainfo = c:/wamp/certs/cacert.pem
  4. Restarted all wamp services including apache

And i’m still getting the same error. I have verified that I am editing the correct php.ini using phpinfo(). I’m at a loss as to why it’s still complaining.

Is there any way to verify 100% that my cacert.pem file is being found and read? I’ve checked phpinfo() and there is no mention of it in there. Should it say somewhere which, if any cacert.pem it’s using?

Thanks!

Answers:

I had the exact same issue

Follow these steps:

Download the following file – cacert.pem

Then download the following file – thawte_Premium_Server_CA.pem

Open the second file in a text editor and copy its contents into the first file (cacert.pem at the bottom/end).

Save cacert.pem and add the following lines to your php.ini :

[curl]
curl.cainfo=c:/xampp/php/cacert.pem

Obviously change the directory to the one where your pem is located. Restart the php local server (xampp/wamp). Then it will work flawlessly.

thanks.

Questions:
Answers:

Edit TinyHttp.php

and add CURLOPT_SSL_VERIFYPEER => FALSE, at $opts array

Questions:
Answers:

I’m not using Twilio, but I am on Windows and was having the exact problems described in the OP. I resolved this by downloading the ca-bundle.crt file from this page and pointing my php.ini to it:
http://curl.haxx.se/docs/caextract.html

Questions:
Answers:

In my case, the cacert.pem from the download link above didn’t work for me but the cacert.pem from previous twilio php library package such as 3.12.5 worked. I modified twilio.php in newer package to add the following two lines

CURLOPT_CAINFO => dirname(FILE) . '/cacert.pem'
'cafile' => dirname(FILE) . '/cacert.pem'

to the corresponding location as older package and copied the cacert.pem to newer package as well.

Questions:
Answers:

For me, none of the answers posted here worked.

But then I upgraded my PHP to 7.0.1*, and I no longer had this error: Services_Twilio_TinyHttpException: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL.

*(C:\wamp\bin\php\php-7.0.1-Win32-VC14-x64 instead of C:\wamp\bin\php\php5.4.3)

And my C:\wamp\bin\php\php-7.0.1-Win32-VC14-x64\php.ini had already included curl.cainfo=C:/wamp/cacert.pem.

Questions:
Answers:

Here is the official answer from Twilio:

To try fixing this issue please try to do the following:

1 Download the following pem file: https://twilio.zendesk.com/attachments/token/EenviU5Rv4KHUzGM6VP5UijB0/?name=cacert.pem

2 Copy this file to either c:\cert\cacert.pem (Windows) or any other path on your Unix/ Linux / Mac installation

3 Open php.ini file in your favorite editor

If the following configuration string: curl.cainfo exists in your php.ini, please uncomment it by removing “;” and modify the path in order to point it to the cacert.pem file attached to this e-mail, e.g:

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

curl.cainfo=c:\cert\cacert.pem

5 Please restart your Apache service to apply the change (very important!)

Questions:
Answers:

Instead of hacking tiny_http.php, you can add your own cURL options by calling Twilio’s CurlClient constructor with your chosen options, like:

    $client = new \Twilio\Rest\Client($accountSid, $authToken);
    $curlOptions = [ CURLOPT_SSL_VERIFYHOST => false, CURLOPT_SSL_VERIFYPEER => false];
    $client->setHttpClient(new CurlClient($curlOptions));

    try {
        $call = $client->calls->create($from_phone, $phone_number, $callback_url);
        print 'Call queued with Twilio';
    } catch (\Exception $ex) {
        print 'Twilio error: ' . $ex->getMessage();
    }

Questions:
Answers:

I am having the same issue, But I been looking into the article maybe it helps you. http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

Look into your cURL version. you must be in 7.4x

Leave a Reply

Your email address will not be published. Required fields are marked *