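I am using XAMPP for development. Recently, I upgraded my XAMPP installation from an older version to 1.7.3.
Now, when I curl HTTPS-enabled sites, I get the following exception:
Fatal error: Uncaught exception 'RequestCore_Exception' with message
'cURL resource: Resource
id #55; cURL error: SSL certificate problem, verify that the CA cert is OK. Details:
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (60)'
Everyone suggests using some specific curl options from PHP code to solve this problem. I don't think that should be the way, because I had no problem with my old version of XAMPP; the problem only appeared after installing the new version.
I need help figuring out which settings changes in my PHP installation, Apache, etc. can fix this problem.
The above solutions are great, but if you are using WampServer you may find that setting the curl.cainfo variable in php.ini does not work.
I eventually found that WampServer has two php.ini files: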
C:\wamp\bin\apache\Apachex.x.x\bin
C:\wamp\bin\php\phpx.x.xx
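The first is apparently used when PHP files are called through a web browser, while the second is used when a command is invoked via the command line or shell_exec().
TL;DR
If you are using WampServer, you must add curl.cainfo to both php.ini files.
Source: http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html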
#Curl: SSL certificate problem, verify that the CA cert is OK#
###07 April 2006###
When opening a secure url with Curl you may get the following error:
SSL certificate problem, verify that the CA cert is OK
I will explain why the error occurs and what you should do about it.
The easiest way of getting rid of the error would be adding the
following two lines to your script. This solution poses a security
risk tho.
//WARNING: this would prevent curl from detecting a 'man in the middle' attack
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
Let's see what these two parameters do. Quoting the manual.
CURLOPT_SSL_VERIFYHOST: 1 to check the existence of a common name in the SSL peer certificate. 2 to check the existence of a common name
and also verify that it matches the hostname provided.
CURLOPT_SSL_VERIFYPEER: FALSE to stop CURL from verifying the peer's certificate. Alternate certificates to verify against can be
specified with the CURLOPT_CAINFO option or a certificate directory
can be specified with the CURLOPT_CAPATH option.
CURLOPT_SSL_VERIFYHOST may also need to be TRUE or FALSE if
CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2). Setting
CURLOPT_SSL_VERIFYHOST to 2 (This is the default value) will guarantee
that the certificate being presented to you has a 'common name'
matching the URN you are using to access the remote resource. This is
a healthy check but it doesn't guarantee your program is not being
deceived.
###Enter the 'man in the middle'###
Your program could be misled into talking to another server
instead. This can be achieved through several mechanisms, like DNS or
ARP poisoning (this is a story for another day). The intruder can
also self-sign a certificate with the same 'common name' your program
is expecting. The communication would still be encrypted but you would
be giving away your secrets to an impostor. This kind of attack is
called 'man in the middle'.
###Defeating the 'man in the middle'###
Well, we need to verify the certificate being presented to us is
good for real. We do this by comparing it against a certificate we
reasonably* trust.
If the remote resource is protected by a certificate issued by one of
the main CA's like Verisign, GeoTrust et al, you can safely compare
against Mozilla's CA certificate bundle which you can get from
http://curl.se/docs/caextract.html
Save the file cacert.pem somewhere in your server and set the
following options in your script.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt ($ch, CURLOPT_CAINFO, "pathto/cacert.pem");
For all of the above information, see: http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html
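
A sketch of the verified request both answers point toward, as an added example that is not code from either answer or from the quoted blog post: it leaves verification on, passes an explicit CA bundle, and on failure reports which php.ini the current SAPI loaded (the WampServer two-file pitfall). The function names and the cacert.pem location are assumptions.

```php
<?php
// Added example. Function names and the bundle path are assumptions;
// point the path at your own copy of cacert.pem.

/** Report which php.ini this SAPI loaded and the CA bundle it would use. */
function describe_ca_config(?string $explicitBundle = null): array
{
    $bundle = $explicitBundle ?: (ini_get('curl.cainfo') ?: null);
    $pem = ($bundle !== null && is_readable($bundle)) ? file_get_contents($bundle) : '';
    return [
        'sapi'       => PHP_SAPI,                    // e.g. apache2handler vs cli
        'php_ini'    => php_ini_loaded_file() ?: null,
        'ca_bundle'  => $bundle,
        'cert_count' => substr_count($pem, '-----BEGIN CERTIFICATE-----'),
    ];
}

/** Fetch a URL with peer and host verification left on. */
function fetch_verified(string $url, ?string $caBundle = null): string
{
    $cfg  = describe_ca_config($caBundle);
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // validate the chain against the CA bundle
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate name must match the host
    ];
    if ($caBundle !== null) {
        if ($cfg['cert_count'] === 0) {
            throw new RuntimeException("CA bundle unreadable or empty: $caBundle");
        }
        $opts[CURLOPT_CAINFO] = $caBundle;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) {
        // errno 60 is the certificate verification failure from the question
        throw new RuntimeException(sprintf(
            'cURL error %d: %s (sapi=%s, php.ini=%s, ca=%s)',
            curl_errno($ch), curl_error($ch), $cfg['sapi'],
            $cfg['php_ini'] ?? 'none', $cfg['ca_bundle'] ?? 'built-in default'
        ));
    }
    return $body;
}

// Run once through the web server and once from the CLI and compare 'php_ini'.
print_r(describe_ca_config(__DIR__ . '/cacert.pem'));
```

If the two runs print different `php_ini` paths, a `curl.cainfo` line added to only one of them explains why the error persists in the other context.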