问题
We are using a Drupal / Ubercart site, and recently I noticed that payment requests are failing.
In the Drupal logs I see an error like so:
cURL error: SSL certificate problem: unable to get local issuer certificate
I found a number of solutions, and tried implementing them but with no results. Some things I have tried are:
- Modifying my
/etc/php5/fpm/php.inifile to include the linecurl.cainfo = /srv/keys/cacert.pem(which is a file I downloaded from http://curl.haxx.se/ca/cacert.pem). - Adding the code in the
uc_authorizenet.modulefile to specify the cainfo directly:curl_setopt($ch, CURLOPT_CAINFO, "/srv/keys/cacert.pem");.
Before taking these steps, I ensured that the ca-certificates package is installed and up to date. After each change I restarted php5-fpm and nginx, but I still get the same error about how it is unable to get the local issuer certificate.
Thanks for any help!
回答1:
The issue is that the root CA for https://secure.authorize.net/gateway/transact.dll (and perhaps other secure urls at authorize.net) is not included in the CA bundle http://curl.haxx.se/ca/cacert.pem , for good reason : if you visit the page and look at the details of the root CA in the certificate path you will note that the Sha1 thumbprint is 99 a6 9b e6 1a fe 88 6b 4d 2b 82 00 7c b8 54 fc 31 7e 15 39 . A search on the Internet will lead you to this page https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/ , which explains that this root certificate is not trusted anymore. The solution is provided in a similar question : How comes authorize.net uses a certificate that is signed with a CA that is not in the well known curl.haxx.se/ca/cacert.pem list?
来源:https://stackoverflow.com/questions/28755487/drupal-curl-ssl-certificate-error