How to , and other stuff about linux, photo, php … A linux, photography blog. To remember some linux situation, and fix them quickly.

January 11, 2017

php 5.6 ssl verify error

Filed under: Linux — Tags: , , — admin @ 12:15 pm

New problem in town . A server could not send e-mail using php . But can connect using telnet .
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Some error from php class.
Well it appear that there is no cert on server
php -r “print_r(openssl_get_cert_locations());”

[default_cert_file] => /etc/pki/tls/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /etc/pki/tls/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /etc/pki/tls/private
[default_default_cert_area] => /etc/pki/tls
[ini_cafile] =>
[ini_capath] =>

For me this file was not there
After I run
I have copy the file
/etc/pki/tls/certs/ca-bundle.crt to /etc/pki/tls/cert.pem and it worked .



Today facing same problem but more complicated. The cer.pem was there ..but mail was not sending . So how to debug it ?

Well first of all we need to see what root certificat is needed.

So I run

openssl s_client -crlf -connect

depth=0 C = EN, CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = EN, CN =
verify error:num=21:unable to verify the first certificate
verify return:1


issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA

No client certificate CA names sent


From here we see that we need StartCom Class 1 DV Server CA

So I search on google and find it here

So I download the CA pem file into /etc/pki/ca-trust/source/anchors/

and after this run also

update-ca-trust extract

After this all was working fine.



More information can be found here

Trusting additional CAs in Fedora / RHEL / CentOS: an alternative to editing /etc/pki/tls/certs/ca-bundle.crt (or /etc/pki/tls/cert.pem)

and here

Powered by WordPress