AWS SSL security error : [curl] 60: SSL certificate prob…: unable to get local issuer certificate

0 votes

I am trying to connect Amazon's S3 files from my (localhost) Windows 8 machine running AppServ 2.5.10 (which includes Apache 2.2.8, php 5.2.6, mysql 5.0.51b and phpMyAdmin 2.10.3) using Amazon SDK for php.

In order to be compatible with Amazon SDK's namespace feature, I replaced php with version 5.3.28 by downloading its zipped file and unzipped it.

My php code works fine to access S3 file in Amazon EC2 but it failed in my Windows local host.

However when I run the php srcipt to read Amazon S3 bucket file in Windows local host machine, I got SSL error as following:

Fatal error: Uncaught exception 'Guzzle\Http\Exception\CurlException' with message '[curl] 60: SSL certificate problem: unable to get local issuer certificate [url] https://images-st.s3.amazonaws.com/us/123977_sale_red_car.png' in C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php:342 Stack trace:

#0 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(283): Guzzle\Http\Curl\CurlMulti->isCurlException(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Curl\CurlHandle), Array)

#1 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(248): Guzzle\Http\Curl\CurlMulti->processResponse(Object(Guzzle\Http\Message\Request), Object(Guzzle\Http\Curl\CurlHandle), Array)

#2 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(231): Guzzle\Http\Curl\CurlMulti->processMessages()

#3 C:\AppServ\www\ecity\vendor\guzzle\guzzle\src\Guzzle\Http\Curl\CurlMulti.php(215): Guzzle\Http\Curl\CurlMulti->executeHandles()

#4 C:\AppServ\www\ecity\ven in C:\AppServ\www\ecity\vendor\aws\aws-sdk-php\src\Aws\Common\Client\AbstractClient.php on line 288

I download the certifate from http://curl.haxx.se/ca/cacert.pem and define it in php.ini as following:

curl.cainfo = "C:\AppServ\cacert.pem"

but I still got the same error. It seems php doesn't honor the curl.cainfo defined in php.ini.

My php version is 5.3.28 according to localhost/phpinfo.php.

I also checked the cainfo parameter to be correct as C:\AppServ\cacert.pem using

echo ini_get( "curl.cainfo" ) ; 

in the php script.

Php version higher than 5.3 shall support curl.cainfo in php.ini.

In Windows' command line, I check curl behavior and it seems work fine.

C:\Users\Jordan>curl  https://s3-us-west-2.amazonaws.com/images-st/aaa.txt
   curl: (60) SSL certificate problem: unable to get local issuer certificate
   ......

C:\Users\Jordan>curl --cacert C:\AppServ\cacert.crt  https://s3-us-west-2.amazonaws.com/images-st/aaa.txt
  This is aaa.txt file.
  Stored in Amazon S3 bucket.

Is it because I used Apache in Windows which doesn't match php 5.3.28 zip file I downloaded from http://windows.php.net/download/ VC9 x86 Thread Safe (2014-Jun-11 01:09:56) zip version.

In my apache's httpd-ssl.conf file, I have the following setting even I use from local host in Windows 8.

<VirtualHost _default_:443>

DocumentRoot "C:/AppServ/www"
ServerName localhost:443
ServerAdmin webmaster@localhost.com
ErrorLog "C:/AppServ/Apache2.2/logs/error.log"
TransferLog "C:/AppServ/Apache2.2/logs/access.log"

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/AppServ/Apache2.2/conf/mydomain.cert"
SSLCertificateKeyFile "C:/AppServ/Apache2.2/conf/mydomain.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/Apache2.2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0

CustomLog "C:/AppServ/Apache2.2/logs/ssl_request.log" \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  

Now I am wondering what is the problem and how to connect to Amazon S3 bucket files and RDSdatabase without producing these curl cannot get local issuer certificate problems from my Windows 8 local host.

Any advice?

Nov 2, 2018 in AWS by findingbugs
• 3,140 points
122 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

the solution for AWS SDK v2 is to set the ssl.certificate_authority option when instantiating the SDK:

$aws = Aws\Common\Aws::factory(array(
    'region' => 'us-west-2',
    'ssl.certificate_authority' => '/path/to/updated/cacert.pem'
));

http://docs.aws.amazon.com/aws-sdk-php/guide/latest/faq.html#what-do-i-do-about-a-curl-ssl-certificate-error

answered Nov 2, 2018 by Priyaj
• 56,120 points

Related Questions In AWS

+1 vote
3 answers

Unable to login to parse dashboard on AWS

I had the same issue, which I ...READ MORE

answered Aug 28, 2018 in AWS by eatcodesleeprepeat
• 4,670 points
383 views
+1 vote
3 answers

How to get ARN for s3 Bucket using aws cli .

An ARN is a non-opaque, constructible identifier, ...READ MORE

answered Aug 16, 2018 in AWS by Priyaj
• 56,120 points
699 views
0 votes
1 answer

Quick way to get AWS Account number from the cli tools?

Via "Secure Token Service" using the following ...READ MORE

answered Jul 12, 2018 in AWS by Priyaj
• 56,120 points
42 views
0 votes
1 answer

How to get AWS account/service cost using CloudWatch API?

You can check this link for a ...READ MORE

answered Jul 13, 2018 in AWS by Priyaj
• 56,120 points
131 views
0 votes
1 answer

AWS S3 uploading hidden files by default

versioning is enabled in your bucket. docs.aws.amazon.com/AmazonS3/latest/user-guide/….... the ...READ MORE

answered Oct 4, 2018 in AWS by Priyaj
• 56,120 points
85 views
0 votes
1 answer

How to decrypt the encrypted S3 file using aws-encryption-cli --decrypt

Use command : aws s3 presign s3://mybucket/abc_count.png you get ...READ MORE

answered Oct 22, 2018 in AWS by Priyaj
• 56,120 points
185 views
0 votes
1 answer

Import my AWS credentials using python script

Using AWS Cli  Configure your IAM user then ...READ MORE

answered Nov 16, 2018 in AWS by Jino
• 5,520 points
100 views
0 votes
2 answers
0 votes
1 answer

How to add SSL certificate to AWS EC2 with the help of new AWS Certificate Manager service

refer this link  https://aws.amazon.com/certificate-manager/faqs/ You can't install the certificates ...READ MORE

answered Jul 19, 2018 in AWS by Priyaj
• 56,120 points
26 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.