Thanks to my friend @GuilhermeNascimento for the response and @Bacco to have helped in the chat to solve the problem.
I finally got it resolved!
Let's take the necessary steps. I'm using PHP version 5.6.
Once you have made all the necessary settings in apache, you need to do a configuration for PHP.
First, we need to find the location of the certificate file PHP is reading. It can be seen through the openssl_get_cert_locations
function.
In my case, it returned the following:
[
"default_cert_file" => "/usr/lib/ssl/cert.pem",
"default_cert_file_env" => "SSL_CERT_FILE",
"default_cert_dir" => "/usr/lib/ssl/certs",
"default_cert_dir_env" => "SSL_CERT_DIR",
"default_private_dir" => "/usr/lib/ssl/private",
"default_default_cert_area" => "/usr/lib/ssl",
"ini_cafile" => "/usr/lib/ssl/cert.pem",
"ini_capath" => "",
]
Looking at the value of default_cert_file
, you now know where PHP reads the Certified Intermediates .
Explaining very quickly, the cert.pem
file contains a list of trusted certificates from each Certification Authority. It is called CA Bundle .
You should download it at this link and move it to the location returned in default_cert_file
. Or you can download it to a different location and set the location of your file through php.ini
through openssl.cafile
.
openssl.cafile = /caminho/do/cacert.pem
Every time you make a request by PHP via curl
or any other function using the wrapper https
, using the verify_peer
option, PHP will read this file to find out which are the valid Certificate Authority.
After these operations, if the error shown in the question still remains, you must manually add the intermediate code of your SSL certificate at the end of the file.
The @Bacco user recommended me to access the browser itself and download this code.
See the image:
Inmycase,IchosetheRapidSSLSHA256CA
optionandexportedthedata.Youcandothisinanybrowser.ThenamewillchangeaccordingtoyourCertificationAuthority.
Important
FromthemomentyouareaddinganewCAtoyoursystem, youaresayingyoutrust"blindly" in that entity, so just do
this is really if it is a certificate that you are sure
absolute of the origin and suitability.
Note : You can also find the code on the SSL Service Provider website, but in my case it worked better by downloading from the browser.
The code that you will download from the certificate will look something like this:
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv
YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6
ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp
s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN
S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL
TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C
ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i
YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN
BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp
9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu
01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----
After that, edit the file marked as default_cert_file
in your PHP. In my case, I renamed cert.pem
after download. Now add the code of the certificate you downloaded from the browser (or the CA certificate you are using) and add it to the previously cited file. It is recommended that you put in the end of your.
After this you may have to restart Apache, but in my case, you did not need to.
CA Bundle Link:
link