cURL SSL CA Config with Windows Server 2008R2 and PHP 5.2 -

i trying curl ssl work under php 5.2 (required of older code have running) without disabling ssl verification. have downloaded latest (jan 20) cacert.pem file , placed in our php dir (e:\php) , run little test script:

<?php   function nxs_curltest($url, $msg, $testtext){       $ch = curl_init();      curl_setopt($ch, curlopt_url, $url);      curl_setopt($ch, curlopt_useragent, "mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, gecko) chrome/47.0.2526.73 safari/537.36");      curl_setopt($ch, curlopt_returntransfer, 1);      curl_setopt($ch, curlopt_timeout, 10);      curl_setopt($ch, curlopt_connecttimeout, 10);     curl_setopt($ch, curlopt_verbose, true);     curl_setopt($ch, curlopt_cainfo, "e:\php\cacert.pem");      $verbose = fopen('php://temp', 'w+');     curl_setopt($ch, curlopt_stderr, $verbose);          $response = curl_exec($ch);      $errmsg = curl_error($ch);      $cinfo = curl_getinfo($ch);      curl_close($ch);      echo "<br />testing ... ".$url." - ".$cinfo['url']."<br />";     if (stripos($response, $testtext)!==false)        echo "....".$msg." - ok<br />";      else      {        echo "....<b style='color:red;'>".$msg." - problem</b><br /><pre>";        print_r($errmsg);        print_r($cinfo);        print_r(htmlentities($response));        echo "</pre>there problem curl. need contact server admin or hosting provider.<br />";     }     rewind($verbose);     $verboselog = stream_get_contents($verbose);     echo "<br />verbose output:</br />";     echo "<pre>", htmlspecialchars($verboselog), "</pre>";       }    nxs_curltest("https://www.google.com/", "https google", "mountain view, ca");   nxs_curltest("https://internalserver.example.com/curl/", "https internal", "internal test"); ?> 

now expect ssl call internal server fail uses self signed certificate not in cacert.pem file (one step @ time) cannot call google work. output:

testing ... https://www.google.com/ - https://www.google.com/....https google - problem ssl certificate problem, verify ca cert ok.  details: error:14090086:ssl routines:ssl3_get_server_certificate:certificate verify failed array (     [url] => https://www.google.com/     [content_type] =>     [http_code] => 0     [header_size] => 0     [request_size] => 0     [filetime] => -1     [ssl_verify_result] => 0     [redirect_count] => 0     [total_time] => 0.047     [namelookup_time] => 0.031     [connect_time] => 0.047     [pretransfer_time] => 0     [size_upload] => 0     [size_download] => 0     [speed_download] => 0     [speed_upload] => 0     [download_content_length] => -1     [upload_content_length] => -1     [starttransfer_time] => 0     [redirect_time] => 0 ) there problem curl. need contact server admin or hosting provider. verbose output: * connect() www.google.com port 443 (#0) *   trying 216.58.192.100... * connected * connected www.google.com (216.58.192.100) port 443 (#0) * set certificate verify locations: *   cafile: e:\php\cacert.pem     capath: none * ssl certificate problem, verify ca cert ok. details: error:14090086:ssl routines:ssl3_get_server_certificate:certificate verify failed * closing connection #0   testing ... https://internalserver.example.com/curl/ - https://internalserver.example.com/curl/.... https internalserver - problem ssl certificate problem, verify ca cert ok.  details: error:14090086:ssl routines:ssl3_get_server_certificate:certificate verify failed array (     [url] => https://internalserver.example.com/curl/     [content_type] =>     [http_code] => 0     [header_size] => 0     [request_size] => 0     [filetime] => -1     [ssl_verify_result] => 0     [redirect_count] => 0     [total_time] => 0     [namelookup_time] => 0     [connect_time] => 0     [pretransfer_time] => 0     [size_upload] => 0     [size_download] => 0     [speed_download] => 0     [speed_upload] => 0     [download_content_length] => -1     [upload_content_length] => -1     [starttransfer_time] => 0     [redirect_time] => 0 ) there problem curl. need contact server admin or hosting provider.  verbose output: * connect() internalserver.example.com port 443 (#0) *   trying 192.168.1.10... * connected * connected internalserver.example.com (192.168.1.10) port 443 (#0) * set certificate verify locations: *   cafile: e:\php\cacert.pem     capath: none * ssl certificate problem, verify ca cert ok. details:   error:14090086:ssl routines:ssl3_get_server_certificate:certificate verify failed * closing connection #0 

i see 2 potential issues here.

1: google supports tlsv1.0, tlsv1.1, , tlsv1.2. since have older version of php , curl , openssl well, based on error message may not have tls support.

2: in line curl_setopt($ch, curlopt_cainfo, "e:\php\cacert.pem");, \ needs escaped, might not picking path certs correctly. try curl_setopt($ch, curlopt_cainfo, "e:\\php\\cacert.pem"); or curl_setopt($ch, curlopt_cainfo, "e:/php/cacert.pem");

but based on error message, ssl3_get_server_certificate:certificate verify failed think first issue.

check <?php phpinfo() ?> , see curl , openssl versions php has. if openssl 0.9.8, don't have tls support.