PHP SDK SSL Certificate Issue

When using the PHP SDK, you may encounter the following errors:

— SSL certificate problem: self-signed certificate in certificate chain

This is usually the case where you don’t have an up-to-date list of certificate authorities (or any list at all). To resolve the error, you need to update your php.ini file and set the curl.cainfo property.

For example, on Windows:
  
curl.cainfo= c:\php\cacert.pem

See this for configuring php.ini - http://www.php.net/manual/en/curl.configuration.php#ini.curl.cainfo
See this for a CA root certificate bundle download (pem file) - http://curl.haxx.se/docs/caextract.html


— SSL certificate problem, verify that the CA cert is OK.
Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This error usually occurs when curl tries to connect to CommBank Simplify and the CA certificate used to sign the CommBank Simplify certificate is not trusted.  To solve this issue, you can:


Either add the CA certificate to the list of trusted CA certs on your server;
Or if you use PHP curl, use curl_setopt to set the path on your server to the CA cert (as a PEM file) to verify the peer with.
 
Example: 
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cacert.pem');

See curl_setopt PHP documentation – http://php.net/manual/en/function.curl-setopt.php

 

Contact Us

Phone Support

1800 571 971
+61 7 3224 9711

Available Monday-Friday
7 a.m. - 7 p.m. AEST

Email Support

Simplify@cba.com.au