# Issues with PHP-5.6 and SSL cert verification [SOLVED]

## hanj

I'm running into a problem with the SSL cert verification changes on PHP-5.6. I came across this post on the subject:

http://akrabat.com/ssl-certificate-verification-on-php-5-6/

Using print_r(openssl_get_cert_locations()); to output cert it's trying to verify against, I get the following output:

```
Array

(

    [default_cert_file] => /etc/ssl/cert.pem

    [default_cert_file_env] => SSL_CERT_FILE

    [default_cert_dir] => /etc/ssl/certs

    [default_cert_dir_env] => SSL_CERT_DIR

    [default_private_dir] => /etc/ssl/private

    [default_default_cert_area] => /etc/ssl

    [ini_cafile] => 

    [ini_capath] => 

)
```

In their example, their default_cert_file was  [default_cert_file] => /usr/local/openssl-0.9.8zb/ssl/cert.pem, while mine is /etc/ssl/cert.pem. All they did was install openssl, and set the value in their php.ini

The problem here, is that cert.pem doesn't exist on my system after re-emerging openssl and ca-certificates.

Here are my pertinent versions:

```
[ebuild   R    ] dev-libs/openssl-1.0.1m::gentoo  USE="tls-heartbeat zlib -bindist -gmp -kerberos -rfc3779 -static-libs {-test} -vanilla" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="(sse2)" 0 KiB

[ebuild   R    ] app-misc/ca-certificates-20140927.3.17.2::gentoo  USE="cacert" 0 KiB
```

The problem I'm running into is peer verification issues (I think). I can change the code, and things are happy, but I would rather get things working server side. This is a non-issue with 5.5, and only related to the openssl changes for 5.6.

Thanks in advance!

hanji

----------

## hanj

Ok. I got this to work.

I fetched the following file http://curl.haxx.se/ca/cacert.pem from cURL and dropped that in /etc/ssl/certs.

I added the following to php.ini

```
openssl.cafile=/etc/ssl/certs/cacert.pem

openssl.capath=/etc/ssl/certs
```

And restarted apache. All was good after that.

Hope this helps others.

hanji

----------

