警告:这可能会引入SSL旨在保护的安全问题，使您的整个代码库不安全。这违背了所有推荐的做法。

但一个对我来说非常简单的解决方法是打电话:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

在调用之前:

curl_exec():

在PHP文件中。

我认为这将禁用SSL证书的所有验证。

解决方法很简单!把这一行放在curl_exec之前:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

对我来说很管用。

为了一切神圣的爱…

在我的例子中，我必须设置openssl。cafile PHP配置变量到PEM文件路径。

我相信确实有很多系统可以设置旋度。在PHP的配置中的cayfo正是所需要的，但在我正在使用的环境中，这是eboraas/laravel docker容器，它使用Debian 8 (jessie)和PHP 5.6，设置这个变量并没有做到这一点。

我注意到php -i的输出没有提到任何关于特定配置设置的内容，但它确实有几行关于openssl的内容。有两个openssl。Capath和openssl。cafile选项，但只是设置第二个选项允许curl通过PHP最终可以使用HTTPS url。

警告:这可能会引入SSL旨在保护的安全问题，使您的整个代码库不安全。这违背了所有推荐的做法。

但一个对我来说非常简单的解决方法是打电话:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

在调用之前:

curl_exec():

在PHP文件中。

我认为这将禁用SSL证书的所有验证。

来源:http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html

#Curl: SSL certificate problem, verify that the CA cert is OK# ###07 April 2006### When opening a secure url with Curl you may get the following error: SSL certificate problem, verify that the CA cert is OK I will explain why the error and what you should do about it. The easiest way of getting rid of the error would be adding the following two lines to your script . This solution poses a security risk tho. //WARNING: this would prevent curl from detecting a 'man in the middle' attack curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); Let see what this two parameters do. Quoting the manual. CURLOPT_SSL_VERIFYHOST: 1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name and also verify that it matches the hostname provided. CURLOPT_SSL_VERIFYPEER: FALSE to stop CURL from verifying the peer's certificate. Alternate certificates to verify against can be specified with the CURLOPT_CAINFO option or a certificate directory can be specified with the CURLOPT_CAPATH option. CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE if CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2). Setting CURLOPT_SSL_VERIFYHOST to 2 (This is the default value) will garantee that the certificate being presented to you have a 'common name' matching the URN you are using to access the remote resource. This is a healthy check but it doesn't guarantee your program is not being decieved. ###Enter the 'man in the middle'### Your program could be misleaded into talking to another server instead. This can be achieved through several mechanisms, like dns or arp poisoning ( This is a story for another day). The intruder can also self-sign a certificate with the same 'comon name' your program is expecting. The communication would still be encrypted but you would be giving away your secrets to an impostor. This kind of attack is called 'man in the middle' ###Defeating the 'man in the middle'### Well, we need to to verify the certificate being presented to us is good for real. We do this by comparing it against a certificate we reasonable* trust. If the remote resource is protected by a certificate issued by one of the main CA's like Verisign, GeoTrust et al, you can safely compare against Mozilla's CA certificate bundle which you can get from http://curl.se/docs/caextract.html Save the file cacert.pem somewhere in your server and set the following options in your script. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, TRUE); curl_setopt ($ch, CURLOPT_CAINFO, "pathto/cacert.pem");

以上所有信息请访问:http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html

有时，如果您试图联系的应用程序具有自签名证书，则正常的cacert。来自http://curl.haxx.se/ca/cacert.pem的Pem不能解决问题。

如果确定服务端点url，通过浏览器点击，手动保存为“X 509链式证书(PEM)”格式。指向该证书文件

curl_setopt ($ch, CURLOPT_CAINFO, "pathto/{downloaded certificate chain file}");