Skip to content

Steps for troubleshooting CA file issues

Jump to bottom
Thanet Knack Praneenararat edited this page May 22, 2019 · 5 revisions

If this library can't find a CA bundle on your system, you'll get an error message similar to this:

cURL error 60: SSL certificate problem: unable to get local issuer certificate.

CA file issues can also cause an error like this:

Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL:
Couldn't load from
'https://adwords.google.com/api/adwords/cm/v201809/CampaignService?wsdl' :
failed to load external entity
"https://adwords.google.com/api/adwords/cm/v201809/CampaignService?wsdl

To remedy, try these steps:

  1. Check if you have CA files in your system:
    • For Red Hat, CentOS and Fedora, the path to the CA file provided by the ca-certificates package is usually /etc/pki/tls/certs/ca-bundle.crt.
    • For Ubuntu and Debian, the path to the CA file provided by the ca-certificates package is usually /etc/ssl/certs/ca-certificates.crt.
    • For FreeBSD, the path to the CA file provided by the ca_root_nss package is usually /usr/local/share/certs/ca-root-nss.crt.
    • For OS X, the path to the CA file provided by Homebrew is usually /usr/local/etc/openssl/cert.pem.
    • For Windows, the path to the CA file is usually either C:\windows\system32\curl-ca-bundle.crt or C:\windows\curl-ca-bundle.crt.
      • For 32-bit Windows 7, all requests to C:\windows\system32\ is redirected to C:\Windows\SysWOW64, so you probably need to check there instead. See this post for detailed explanation.
  2. If you don't have any CA files in your system, download one from curl's website and put it in either the default path above (recommended) or your usual place for them (such as C:\xampp\apache\conf\ssl.crt\).
    • For Windows, rename the downloaded file to curl-ca-bundle.crt.
  3. If you have a valid CA file, but it doesn't work or seems to not be read by the library, try one of these procedures:
    • Explicitly set openssl.cafile and/or curl.cainfo in your php.ini to the path of your CA file. For example, 
      openssl.cafile="C:\xampp\apache\conf\ssl.crt\curl-ca-bundle.crt"
    • Manually specify your SSL CA file location with SoapSettingsBuilder's withSslCaFile().
    • Set disableSslVerify() to true. This should be avoided unless necessary since disabling SSL verification can compromise your account. 
      $oAuth2Credential = (new OAuth2TokenBuilder())
    ->fromFile()
    ->build();
$soapSettings = (new SoapSettingsBuilder())
    ->disableSslVerify()
    ->build();
$session = (new AdWordsSessionBuilder())
    ->fromFile()
    ->withSoapSettings($soapSettings)
    ->withOAuth2Credential($oAuth2Credential)
    ->build();
Clone this wiki locally