SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Question

After upgrading to PHP 5.6 I get an error when trying to connect to a server via fsockopen()..

The certificate on the server (host) is self-signed

Answer 1

You mention the certificate is self-signed (by you)? Then you have two choices:

• add the certificate to your trust store (fetching cacert.pem from cURL website won't do anything, since it's self-signed)
• don't bother verifying the certificate: you trust yourself, don't you?

Here's a list of SSL context options in PHP: https://secure.php.net/manual/en/context.ssl.php

Set allow_self_signed if you import your certificate into your trust store, or set verify_peer to false to skip verification.

The reason why we trust a specific certificate is because we trust its issuer. Since your certificate is self-signed, no client will trust the certificate as the signer (you) is not trusted. If you created your own CA when signing the certificate, you can add the CA to your trust store. If your certificate doesn't contain any CA, then you can't expect anyone to connect to your server.